AHEAD OF TIME

The Red Cross and other organizations mostly beat the clock on system fixes for DST.

Microsoft Gets Integration Push

Users say vendor needs more tools for linking its apps to other systems

BY MARC L. SONGINI

SAN DIEGO

At its Convergence 2007 user conference last week, Microsoft Corp. detailed a growing set of tools and services for connecting its business applications to other systems. But users, while noting that Microsoft has begun to make its applications less monolithic, said the software vendor needs to do more.

Five attendees interviewed here said they’re looking for Microsoft to provide simpler — and clearer — methods of integrating the company’s Dynamics ERP and customer relationship management software with its other products and with applications from other vendors, using technologies such as Web services.

“What kills people in my role is that vendors don’t make systems that talk together with other systems,” said

Integration, page 14

Microsoft no longer sees a need to put its ERP apps on one code base.


IT Braces for ‘J-SOX’ Rules

Japan imposing new financial controls framework similar to Sarbanes-Oxley

BY THOMAS HOFFMAN

Japanese companies and their international subsidiaries have started prepping for next year’s implementation of a corporate governance framework that’s comparable to the requirements imposed by the Sarbanes-Oxley Act in the U.S.

Many U.S.-based IT managers have started working on processes to ensure compliance with the emerging financial controls requirements, informally known as J-SOX, even though initial details aren’t expected until next month.

“This is just like the early stages of Sarbanes-Oxley

J-SOX, page 48

How to keep corporate secrets safe in the new Web world. Page 25


NEWS


Hackers may get most of the public blame, but internal snafus are by far the leading cause of data breaches at companies, according to a new study.

Microsoft is giving some corporate users financial incentives to use its Live Search engine and trying to entice developers to create mashups for Live Search.

Notes 8 beta testers say the upgrade includes extensive user interface improvements that should make the e-mail client software more user-friendly.

Early Outlook 2007 users are blaming sluggish performance on changes made to accommodate new features such as RSS feeds and search indexing.

Q&A: California CIO J. Clark Kelso said state officials are treating the issue of using open, XML-based file formats “as a straight business decision” — not an ideological battle.

Daylight-saving time’s early start appeared to arrive without major IT problems. But some companies had to make time changes manually in order to beat the clock.

Global Dispatches: Barclays’ credit card unit says it will close a U.K. call center and move some jobs to India; and the U.S. State Department says China is increasing oversight of its citizens’ Internet use.
Data Center Moves: Best Practices

HARDWARE: More than half of all data centers will relocate or expand significantly by 2015, thanks mostly to new technologies like blade servers. Here’s what you need to know to make the move a good one.

www.computerworld.com/hardware
On the Mark: Mark Hall gets advice from a “chief geek”: If you think Web services are the only way to build SOA apps, think again.

Don Tennant argues that the perpetual buzz of anti-Microsoft fanaticism makes it less likely that alternatives are given serious consideration.

Laurie Orlov says that as corporations’ dependence on technology grows, CIOs must help CEOs expect more from IT.

Frankly Speaking: Frank Hayes thinks that even though the fix probably wasn’t in when the HP Four got off lightly, the pretexting case is a sad commentary on a great company gone awry.
How to Surf Anonymously Without Leaving a Trace

NETWORKING: With federal authorities increasingly demanding Web sites’ records, your online privacy is becoming more endangered. Here’s how to protect yourself.

www.computerworld.com/networking
KNOWLEDGE CENTER SECURITY

Security for Web 2.0

Editor’s note: How companies are learning to keep their corporate secrets safe in the new Web world. Package begins on page 25.

Keeping Secrets in a WikiBlogTubeSpace World. The debate rages over how to minimize security risks from blogging, social networking, video sharing and other interactive activities that fall under the Web 2.0 umbrella. Here’s how some companies are tackling the challenge. Plus, Sun Microsystems, IBM, Yahoo and other companies share 15 guidelines for creating a blog policy.

IM Confidential. Upfront recognition of IM as a powerful business tool requires upfront employee accountability for its use. Here’s how to avoid the security problems.

Your Gadgets Are Springing Leaks. Handheld electronics are cheap enough for the average worker to own, which means more of these devices — and a greater variety of them — are getting hooked up to networks. Here’s how to plug the holes.

The Conversation. “Thou shalt not” is a big turn-off for the Gen Y crowd. When spreading the message about small-device security, try face-to-face communication and sharp marketing.

Six Ways to Stop Data Leaks. A DuPont scientist’s theft of $400 million worth of proprietary information from a database of the chemical company highlights the need for controls to curb insider security threats. Here are some tips on how to mitigate risks and better track what’s going on inside your firewall.

Q&A: Shred Your Bits for Safety’s Sake. Jeff Jonas, chief scientist and distinguished engineer in IBM’s Entity Analytic Solutions group, discusses a method of data protection known as anonymization.

Opinion: Get Serious. Columnist Mark Hall is angry that CIOs are too timid to tackle the problem of secure messaging. So he outlines a plan that they should follow.


More Online

The following stories can be found at Computerworld.com.

TechCast: Web 2.0 poses technical, social and legal challenges for corporations. From user education to secure coding and insurance, there's lots to consider. Listen to our Web 2.0 Security Techcast for an overview of the ways companies should be responding.

Book excerpt: Secure applications require good coding practices and sound principles to avoid breaches and hacks, according to the authors of Professional Web 2.0 Programming. Read more in this excerpt.
Judge Dismisses Case Against Dunn

A California state court judge dismissed all of the charges filed against former Hewlett-Packard Co. Chairwoman Patricia Dunn in connection with last year’s pretexting scandal at HP. Prosecutors had dropped felony charges against Dunn in return for her agreeing to plead guilty to a misdemeanor charge of fraudulent wire communications. But she never had to enter a plea because of the judge’s action.

Livedoor Founder Gets Prison Term

Takafumi Horie, founder and former CEO of Japanese Internet portal operator Livedoor Co., was found guilty of violating securities laws by a judge in Tokyo District Court and sentenced to two and a half years in prison. The judge ruled that investment funds set up by Livedoor in Hong Kong and elsewhere were used to evade the law and had nothing to do with its business. He said e-mails showed that Horie knew of the transactions.

Cisco to Acquire WebEx for $3.2B

Cisco Systems Inc. has agreed to acquire WebEx Communications Inc. for $3.2 billion, giving the network equipment maker a foothold in the software-as-a-service market. The deal for WebEx, creator of an online collaboration service, is expected to close in the fourth quarter of Cisco’s fiscal 2007. WebEx has 2,200 employees and reported $380 million in 2006 revenue.

AT&T Plans to Invest $750M in Network

AT&T Inc. said it expects to add features to its virtual private network service and expand high-speed connections as part of a plan to invest more than $750 million in its global business network this year. The services will include the introduction of new class-of-service capabilities and help for customers in setting up VPN routing groups.


Internal Snafus Cause of Most Breaches, Study Says

Security incidents more likely to result from corporate mistakes than hackers

BY JAIKUMAR VIJAYAN

THIS YEAR, more than 72 million records containing Social Security and credit card numbers, birth dates and other personal data will be exposed to unauthorized users in the U.S., according to a study by researchers at the University of Washington in Seattle.

And, the researchers said, the main culprit isn’t the oft-vilified malicious hacker. Instead, they blamed snafus inside companies as the biggest cause of data breaches.

That conclusion was based on a review of 550 security breaches that were reported in major U.S. news outlets between 1980 and last year. The goal was to examine the role that organizational behavior plays in privacy violations.

The study found that 61% of the incidents involved internal foul-ups, such as accidentally putting personal information online or losing track of backup tapes and other equipment.

In contrast, 31% of the breaches were perpetrated by external hackers, said Philip Howard, an assistant professor of communication at the University of Washington and a co-author of the report. The remainder of the breaches had unspecified causes, he added.

In the Numbers

The university study is reinforced by similar findings from other researchers. For instance, a report released last week by the IT Policy Compliance Group said that human error is the overwhelming cause of losses of sensitive data — contributing to 75% of all occurrences, compared with 20% for malicious hacking activity.

Data Grabs

Although internal errors led to a higher number of data breaches, hackers are responsible for a larger percentage of the individual data records that were compromised, according to a University of Washington study.

…es reported between 1980 and last December. A total of about 1.9 billion records were exposed in the incidents.

Similarly, in an electronic poll of attendees at Computerworld’s Premier 100 IT Leaders Conference this month, the 161 respondents pointed to “activities by internal staffers,” “ineffective policies” and “sloppy mobile workers” as the biggest sources of security breaches. Only 11% of the respondents fingered external hackers as the leading cause of breaches at their organizations.

Even in cases that were publicly blamed on hackers, the reality can be more nuanced, Howard said.

One example was the huge data breach at Acxiom Corp. in 2003, when a hacker who was later caught stole 1.6 billion customer records. He was able to get at the data largely because of Acxiom’s failure to establish proper access controls, Howard said.

Tom Lindblom, chief technology officer at Carpinteria, Calif.-based CKE Restaurants Inc., which owns fast-food chains such as Hardee’s and Carl’s Jr., said he thinks businesses are getting savvier about implementing internal controls that can mitigate the kinds of organizational problems highlighted by the University of Washington study. That’s being driven partly by increased audit and regulatory requirements, he said.

As a result, Lindblom noted, it’s hard to pinpoint whether hackers or internal problems pose the greater security risk at this point.

“I don’t think it’s a case of one or the other,” he said, adding that it’s important to address both types of threats in risk management planning.

“Certainly, we find that data breaches are often the result of negligence,” said Avivah Litan, an analyst at Gartner Inc.

Examples cited by Litan include not changing passwords or using weak passwords, along with a tendency on the part of individual users to leave log files or sensitive data lying around unprotected.

Microsoft Tries to End Search Also-ran Status

Offers incentives to corporate users, seeks mashup apps for Live Search

BY ERIC LAI AND JUAN CARLOS PEREZ

In an attempt to boost its disappointing share of the search market, Microsoft Corp. has started giving financial incentives to large corporate customers that use its Windows Live Search engine internally.

Microsoft also hopes to cut into Google Inc.’s search lead by encouraging Web developers and other programmers to create mashups — quickly assembled programs gluing together different data sources — that leverage Live Search and its Virtual Earth mapping and location service.

The incentive program is being tested with “a select number of enterprise customers based on the number of Web search queries conducted by their employees via Live Search,” Microsoft said in an e-mail statement last week.

The company added that it is giving the participating companies “service or training credits” in exchange for their usage of Live Search.

Microsoft needs to try something. Earlier this month, UBS Investment Research said Microsoft has been losing ground to both Google and Yahoo Inc. in online search revenue and the number of queries being processed.

At Microsoft’s 2007 MVP Global Summit in Seattle last week, Chairman Bill Gates acknowledged the company’s search difficulties during a Q&A session with attendees.

“We’re No. 3,” he said. “It’s not a position we’re used to being in, so clearly it’s a trend we’re committed to reverse.”

Microsoft is investing heavily in its core search technology and in extra services, such as one for giving users rebates from merchants they find via Live Search, Gates said.

Robert Bogue, a Microsoft Most Valuable Professional from Indianapolis, said he sees some promise in Microsoft’s strategy. Bogue uses Google to do most text searches, but he said he prefers Virtual Earth’s ability to show 3-D views of mapped locations over the flat, top-down views of other mapping technologies.

Perez writes for the IDG News Service.

www.computerworld.com
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Notes  Backers  Hope  Upgrade 
Ends  Its  Ugly-Duclding  Days 


Redesigned  user 
interface  is  a  big 
step  forward  for 
IBM,  testers  say 


BY  ERIC  LAI 

ECHNOLOGY  con¬ 
sultant  John  Head 
isn’t  spilling  any 
big  secrets  when  he 
says,  “Most  people  think  Lotus 
Notes  is  ugly.” 

Head  is  a  Notes  architect  at 
PSC  Group  LLC  in  Schaum¬ 
burg,  Ill.  More  than  a  few  times, 
he  has  watched  a  client  —  a 
newly  merged  company,  for  in¬ 
stance  —  wrestle  over  whether 
to  standardize  on  IBM’s  Notes 
and  Domino  or  Microsoft 
Corp.’s  Outlook  and  Exchange 
for  employee  e-mail.  And  he 
said  he  has  seen  the  decision 
come  down  to  the  company’s 
CEO  “saying  that  he  doesn’t 
like  the  way  Notes  looks.” 

Such  examples  are  one  of 
the  reasons  why  Head  and 
other  members  of  the  Notes 
faithful  are  so  upbeat  about 
IBM’s  Notes  8  upgrade,  which 
is  due  around  midyear.  IBM 
released  the  first  public  beta  of 
Notes  8  and  its  Domino  8  serv¬ 
er  counterpart  on  March  9  and 
announced  the  beta  launch 
last  week.  Company  officials 
said  the  e-mail  client’s  user 
interface  has  been  “reinvented” 
from  the  ground  up. 

“This  is  not  your  father’s 
Notes,”  said  Ken  Bisconti,  vice 
president  of  Lotus  messaging 
and  collaboration  products 
at  IBM.  At  the  same  time,  he 
added,  one  of  the  strengths  of 
Notes  —  its  legendary  back- 
ward-compatibility  —  won’t 
be  compromised.  Companies 
will  still  have  “complete  in¬ 
vestment  protection,”  Bisconti 
said.  “All  your  old  Notes  apps 
will  work.” 

Major  new  features  include 
the  ability  to  view  and  com¬ 
pose  files  in  the  OpenDocu- 
ment  format  directly  within 


Notes.  The  new  version  can 
also  detect  the  online  pres¬ 
ence  of  co-workers  or  friends 
who  are  on  the  instant  mes¬ 
saging  buddy  lists  of  users,  en¬ 
abling  them  to  send  messages 
from  within  Notes  via  IBM’s 
Sametime  IM  software.  In  ad¬ 
dition,  Notes  8  can  be  used  to 
view  RSS  feeds. 

The  upgrade  also  includes 
numerous  user  interface 
tweaks,  such  as  the  use  of 
colors  to  denote  different 
e-mail  senders,  the  ability  to 
add  contacts  by  dragging  and 
dropping  their  e-mails,  and 
support  for  sorting  messages 
by  subject  threads,  a  la  Google 
Inc.’s  Gmail  service. 

Chris  Whisonant,  a  senior 
systems  administrator  at  Com- 


BY  ERIC  LAI 

Early  users  of  Outlook  2007, 
the  latest  version  of  Microsoft 
Corp.’s  market-leading  e-mail 
client,  are  voicing  widespread 
complaints  about  the  soft¬ 
ware’s  sluggish  performance. 

Symptoms  being  reported  in¬ 
clude  temporary  freezes  when 
commands  are  executed  or 
windows  are  opened,  Outlook’s 
inability  to  keep  up  with  text 
as  it  is  typed,  and  slowness  in 
sending  and  receiving  e-mails. 

Most  of  the  problems  don’t 
appear  to  be  the  result  of  un¬ 
derpowered  PCs  or  faulty  or 
misconfigured  e-mail  servers. 
Instead,  users  say  —  and  Mi¬ 
crosoft  acknowledges  —  the 
underlying  cause  is  changes 
made  under  Outlook’s  hood 
to  accommodate  new  features 
such  as  RSS  feeds  and  index¬ 
ing  for  faster  searches. 

Some  bloggers  working  with 
beta  versions  of  Outlook  2007 
have  been  complaining  for 
months.  Even  loyalists  such  as 
Microsoft’s  Most  Valuable  Pro¬ 
fessionals  —  the  company’s 
elite  corps  of  unpaid  technical 
helpers  —  are  grumbling. 


porium  Communications,  a 
telecommunications  service 
provider  in  Rock  Hill,  S.C.,  said 
the  increased  functionality  in 
Notes  8  means  the  software 
uses  more  RAM  than  before. 
But  Whisonant  said  Notes  8  “is 
easy  to  get  used  to  because  you 
just  like  using  it  more.” 

Achilles’  Heel  No  More 

The  user  interface  changes 
should  help  turn  what  re¬ 
mained  an  Achilles’  heel  in 
Notes  7  into  a  strength,  said  Na¬ 
than  Freeman,  a  consultant  at 
Lotus  911  Inc.  in  Kennesaw,  Ga. 

“The  in-box  is  totally  re¬ 
thought,  and  there’s  extensive 
improvements  to  every  aspect 
of  presentation  and  usability,” 
said  Freeman,  who,  like  Head, 


[Outlook  2007] 
hangs  com¬ 
pletely  for  three  to 
seven  seconds 
typically,  and  for  up 
to  20  seconds  in 
worst  cases. 


JASON  CLARKE,  OUTLOOK  USER 
AND  ADMINISTRATOR,  WENC0 
INTERNATIONAL  MINING  SYSTEMS 
LTD. 

“A  lot  of  M VPs  are  com¬ 
plaining  about  Outlook’s 
performance,”  said  Paul  Ro- 
bichaux,  an  Exchange  MVP 
who  works  as  a  consultant  at 
3Sharp,  an  IT  services  firm  in 
Redmond,  Wash. 

Jason  Clarke,  who  oversees 
the  e-mail  system  at  Wenco 
International  Mining  Systems 
Ltd.  in  Richmond,  British  Co¬ 
lumbia,  gets  about  100  e-mails 
daily.  On  his  PC,  he  said,  Out¬ 
look  2007  “hangs  completely 
for  three  to  seven  seconds  typ¬ 
ically,  and  for  up  to  20  seconds 
in  worst  cases,  when  new  mail 


has  been  using  Notes  8  for  the 
past  six  months  and  giving 
IBM  feedback.  Lotus  911  has 
already  deployed  the  new  soft¬ 
ware  to  all  its  employees. 

Head  was  even  more  em¬ 
phatic  about  the  improve¬ 
ments  in  the  new-look  Notes. 
“When  I  show  Notes  8  to 
people,  they  say,  “Wow!  That 
can’t  be  Notes,’  ”  he  said.  The 
software’s  design,  once  “very 
clunky,”  has  been  updated  so 
that  it’s  clean  without  being 
“Web  2.0  trendy,”  Head  added. 

He  acknowledged  that  IBM 
is  stealing  user  interface  de¬ 
sign  concepts  from  Outlook 
and  Gmail.  But  it’s  also  taking 
a  page  out  of  Microsoft’s  play- 
book  and  embracing  and  then 
extending  advances  first  made 


is  being  downloaded.” 

Turning off some Outlook add-ins that he has installed “does improve matters marginally, but not nearly as much as it should,” Clarke said. “The hesitation is still very noticeable — jarring, even.”

Clarke  works  in  the  tech¬ 
nical  sales  and  marketing 
department  at  Wenco,  which 
develops  fleet  management 
systems  and  other  applica¬ 
tions  for  mining  companies. 

He  blamed  the  problems  with 
Outlook  2007  on  its  new 
e-mail  indexing  engine. 

With  the  indexing  capabil¬ 
ity,  searches  produce  results 
almost  instantly,  a  vast  im¬ 
provement  over  Outlook  2003. 
However,  the  process  also 
appears  to  be  CPU-intensive. 
Microsoft  recommends  that 
users  put  indexing  on  a  regu¬ 
lar  schedule  instead  of  letting 
it  run  constantly  in  the  back¬ 
ground. 

Peter  O’Kelly,  an  analyst  at 
Burton  Group  Inc.  in  Midvale, 
Utah,  said  he  thinks  some  of 
the  sluggishness  is  related 
to  Microsoft  letting  users 


Notes on Notes 8

■ The standard version of Notes 8 leverages Eclipse and AJAX and includes all new features and user interface improvements.

■ Users with less-powerful PCs will be able to run the software in a basic mode that lacks many of the user interface modifications.

■ IBM plans to release Notes 8 for Windows and Linux first; a Macintosh version is scheduled to follow a few months later.


by  others,  according  to  Head. 

For instance, an e-mail threading feature in Notes 8 lets users preview messages in a thread and rearrange them to stack the most important ones on top. Head said that improves upon Gmail’s threading, which lets users view messages only based on the most recent one sent or received.


download  RSS  feed  data  into 
Outlook’s  in-box  file,  which  is 
stored  as  a  .pst  or  .ost  file. 

Adding  RSS  feeds  can 
quickly  swell  a  user’s  in-box 
file  to  more  than  2GB  of  data, 
according  to  O’Kelly.  He  said 
that  causes  Outlook  2007  to 
write  to  the  hard  drive  much 
more  often  than  it  typically 
would,  especially  when  the 
e-mail  software  is  running 
on  PCs  that  don’t  have  large 
amounts  of  memory. 

Last  month,  Microsoft  post¬ 
ed  a  technical  help  document 
on  its  customer  support  Web 
site  offering  advice  on  solving 
the  .pst  and  .ost  file  problems. 
For  example,  it  recommends 
that  users  reduce  the  sizes  of 
their  .pst  and  .ost  files  by  delet¬ 
ing  e-mails  and  splitting  up 
large  files  into  smaller  ones 
while  archiving  older  messages. 

Asked whether any fixes would appear in Outlook 2007’s first service pack release, a Microsoft spokeswoman said that the company “is definitely looking at how to fix this issue” but otherwise declined to comment.


Outlook  2007  Users  Critical  of  Slow  Performance 

Juniper Execs Quit After Restatement

Two executives resigned from Juniper Networks Inc. just days after the firm restated financials following an investigation into stock option practices. Robert Dykes, chief financial officer, and Robert Sturgeon, executive vice president of the service-layer technology group, quit March 12, according to documents filed with the U.S. Securities and Exchange Commission. The documents said the resignations were “in connection with the ongoing review of the company’s growth plans and requirements to achieve desired scale.”

Microsoft Issues ‘Nonsecurity’ Patches

Though Microsoft Corp. did not unveil any new security fixes on last week’s Patch Tuesday, it did push out four patches it deemed “nonsecurity, high priority,” including the usual monthly revamp of the Malicious Software Removal Tool and new signatures for the Outlook 2003 and Outlook 2007 antispam filters.

SEC Charges Former Nortel Executives

The SEC has filed fraud charges against four former Nortel Networks Corp. executives: Frank Dunn, who was CEO and CFO; Douglas Beatty, CFO and controller; Michael Gollogly, controller; and MaryAnne Pahapill, assistant controller. The SEC accused the executives of twisting accounting practices to make it seem that Nortel was meeting Wall Street expectations.

Trend Micro Acquires Security Tool

Trend Micro Inc. has bought antispyware tool HijackThis from Merijn Bellekom for an undisclosed price. The freeware tool lets users create a log file of text and registry settings to pinpoint spyware, which they can then eradicate. Trend Micro plans to offer HijackThis beta Version 2.0 from its TrendSecure.com security portal.


ON THE MARK


HOT TECHNOLOGY TRENDS, NEW PRODUCT NEWS AND INDUSTRY BUZZ BY MARK HALL


SOA Testing Goes Beyond . . .


. . .  Web  services.  Or  it  should.  That’s  the  view  of  Chief 
Geek John Michelsen, the top technologist at iTKO Inc. in Dallas. He reminds anyone who will listen that while service-oriented architecture (SOA) is associated with Web services, the technologies are not interdependent. “Web services are, after all, middleware,” he says, adding, “SOA can be built without Web services.” He points to SOA applications built using CORBA, enterprise service buses and other technologies. As such, SOA quality assurance tools should go beyond testing WSDL, SOAP, XML and the rest of the Web services alphabet soup. Michelsen says with some glee that SOA apps “can be a heterogeneous, complex mess” involving a mix of Web services and other middleware that can stump traditional or Web-services-only testing processes. LISA, iTKO’s wizard-based testing software, models how an SOA should perform — regardless of how it’s built — and evaluates the effects of the different services within the application. Michelsen says LISA gives QA engineers a single tool to analyze and stress-test an SOA app, no matter what the mix of middleware involved in its construction. Version 4, due this summer, adds test procedures for engineers to ensure that your SOA software meets your internal governance policies. The complete LISA test suite starts at $5,000. A Web-services-only version is free online.

SOA  standards 
should  embrace . . . 

. . .  the  world  of  continuous  events. 

Not everything in life happens in a steady stream of synchronous actions. So, why should software standards? John Bates, vice president of products at Apama Inc., a division of Progress Software Corp. in Bedford, Mass., argues that vendor and industry groups need to create Web services standards for what he calls continuous event processing (CEP). “Composite [SOA] applications would be better if they were event-based,” he contends. Bates points to an SOA trading system through which external fluctuating market data could be flowing in real time while a risk management module is calculating the impact of Buy and Sell options and a compliance program is checking on how changes to an investment strategy affect corporate and regulatory policies. Bates calls this the “new physics of computing,” because instead of storing data and then querying it, you stream CEP data through policies and apply the rules in an asynchronous manner as the conditions shift. Today, there are no Web services standard methods for CEP. Bates expects that to change, but not until sometime after this year.

$18.48 SOA market in 2012, predicts market research firm MindBranch.

BATES: CEP needs to be part of Web services standards.


As  software  gets 
more  complex . . . 

. . .  managing  software  teams  gets 
harder, too. But starting next fall at Carnegie Mellon University’s West Coast campus in Mountain View, Calif., you can begin to earn a master’s degree in software engineering management. According to professor Tony Wasserman, although many universities bestow advanced degrees in software engineering, “what’s missing is the entrepreneurial aspect of it.” Associate Dean Diane Dimeff says CMU West polled hiring managers in large and small companies, vendors and end users alike, who said they desperately needed software developers who could imagine worlds beyond coding and “think like marketing, finance and other people in the business.”

Wasserman adds that technologists must also look beyond the latest programming fad, be it SOA or agile development, and “review software methodologies and decide which is best for the company and its culture.” A boon for business, sure, but Dimeff also points to the dandy boost an advanced degree can give your career. Wasserman says the curriculum is practical, with students engaged in team-based projects. Dimeff recommends applying early.

JUNE 1: Deadline to apply for master of software management program at Carnegie Mellon’s West Coast campus.

IT  feeds  operations 
with  data . . . 

. . .  and  it’s  time  to  get  some  in 
return. Despite the amount of information IT systems pour into operations — from supply chain systems to CRM data — users know precious little about what’s happening on the manufacturing floor, observes Brian Culler, chief technology officer at San Francisco-based Arch Rock Corp. He argues that’s because operations systems mostly run on proprietary networks.

But if they used the industry-standard Internet Protocol, that might change. And Culler hopes that will happen with the arrival next quarter of the Arch Rock Primer Pack/IP. Now in beta, the tool is based on the IEEE 802.15.4 standard for low-power wireless communications. That means data from sensors on the manufacturing floor can now flow over your IP-based corporate network and more easily be included in other IP-based applications. Plus, you can use the same IP security, management and monitoring tools used elsewhere. Culler brags that the tool will make “low-power devices first-class citizens of the enterprise intranet.” Pricing starts at $4,995.


COMPUTERWORLD March 19, 2007


BRIEFS

Microsoft Files New Trademark Suits

Microsoft Corp. has filed two new lawsuits against groups it has accused of registering domain names that are similar to certain Microsoft trademarks. The company filed a suit against Maltuzi LLC for allegedly registering large blocks of domain names that included some similar to Microsoft brands. The second lawsuit was filed against 54 unnamed individuals for cybersquatting. Microsoft also said it has settled three similar suits.

HP Updates PCs To EPA Standards

Hewlett-Packard Co. has tweaked three of its computers to qualify for the U.S. Environmental Protection Agency’s Energy Star 4.0 label. The move comes just four months before federal regulators apply stringent new efficiency standards to desktop PCs. The HP Compaq dc5700, dc5750 and dc7700 can now switch into sleep or idle modes faster than existing models and use an 80%-efficient power supply compared with the current 65% to 75% efficiency.

Cisco to Purchase NeoPath Networks

Cisco Systems Inc. has acquired file-area networking company NeoPath Networks Inc. for an undisclosed sum. Cisco will add NeoPath’s technology into its Service-Oriented Network Architecture. The technology will establish a tighter link between file-based data and network acceleration, Cisco said.

Microsoft Updates Windows Server OS

Microsoft has quietly released what it calls a major update to its server operating system. Service Pack 2 is designed to make Windows Server 2003 more stable and secure. The update has been in beta since November and was tested by twice as many users as Microsoft’s previous Service Pack 1 update, which was released in March 2005.
Calif. CIO Steers Clear of Ideology on File Formats

Kelso says state is looking at document choices ‘as a straight business decision’

BY CAROL SLIWA

IN LATE FEBRUARY, a California state assembly member proposed a bill that would mandate the use of open, XML-based document file formats by state agencies. That made California the third state in which such legislation has been introduced so far this year. In an interview at Computerworld’s Premier 100 IT Leaders Conference in Palm Desert, Calif., this month, California CIO J. Clark Kelso said state officials are trying to view the issue of using open file formats “as a straight business decision,” not an ideological battle. Excerpts from the interview follow:

Are  open  document  formats  the 
most  critical  issue  for  you,  or  is 
it  more  important  for  the  state  to 
get  to  open-source  software?  We 

don’t  view  this  in  California 
as  some  sort  of  ideological 
struggle  between  big,  compet¬ 
ing  visions  of  the  future.  We’re 
trying  to  view  it  as  a  straight 
business  decision.  What  are 
the  costs  associated  with 
one  approach  over  another? 
Does  it  serve  all  of  our  busi¬ 
ness  needs?  If  it  doesn’t  serve 
a  business  need,  how  do  we 
satisfy  that  business  need? 
We’re  trying  to  view  this  just 
as  a  plain-vanilla,  nonpartisan, 
nonideological  issue. 

I  feel  like  I  have  to  say  that, 
because  in  the  open-source 
community,  there’s  a  little  bit 
of  the  ideological  approach. 

It’s  part  of  their  community¬ 
building  experience.  Open 
documents  is  a  little  bit  dif¬ 
ferent  from  that,  particularly 
when  you  bring  in  concerns 
that  the  government  has  about 
preserving,  on  a  100-year  basis, 
archival  information.  We  have 
to  take  a  serious  look  at  what 
is  in  the  state’s  best  interests. 


Belgium’s  national  government 
plans  to  adopt  the  OpenDocument 
format,  but  one  IT  executive  there 
told  me  it  couldn’t  do  so  without 
ODF  plug-ins  for  Microsoft  Office. 
Do  you  feel  the  same  way?  Our 
installed  base  of  Office  right 
now  is  so  huge,  we  could  not 
just  overnight  or  within  the 
course  of  one  year  make  that 
sort  of  a  transition.  If  we’re 
going  to  move  in  a  particular 
direction,  we  have  to  be  think¬ 
ing  about  how  we  transition  to 
that  new  state  [in]  three,  four 
or  five  years.  It  may  be  that  in 


the  interim,  we  have  to  adopt 
something  that  is  transitional. 
But  I  frankly  see  this  as  still  a 
very  fluid  issue  in  the  market¬ 
place.  I  don’t  know  that  I  need 
to  make  a  decision  today. 

Right  now,  with  the  intro¬ 
duction  of  [Windows]  Vista, 
it’s  a  little  window  of  oppor¬ 
tunity  to  try  to  step  back  and 
re-evaluate  a  little  bit.  I  do 
have  a  concern  about  how  long 
we  will  be  able  to  maintain 
and  use  our  existing  Office 
suite.  But  the  history  has  been, 
so  long  as  customers  push 
back  —  and  I  think  on  this  one, 
we’re  going  to  see  some  push- 
back  —  Microsoft  will  end  up 
having  to  support  the  existing 
base  of  Office  users  for  quite 
some  time.  There  are  alterna¬ 
tives  right  now  in  the  market¬ 
place,  and  that’s  going  to  keep 
Microsoft  honest. 


Governments  often  have  more- 
limited  alternatives  because  of 
laws  requiring  them  to  provide 
software  that  is  accessible  to 
people  with  disabilities.  Are  you 
over  a  barrel  there?  A  little 
bit  over  a  barrel,  although 
governments  are  not  100% 
compliant  right  now  with 
[Americans  With  Disabilities 
Act]  requirements.  We  are 
definitely  going  to  bring  our¬ 
selves  into  compliance  [with] 
all  of  our  applications  —  the 
way  we  present  documents 
to  the  public  and  the  way  our 
own  employees  use  them. 
That’s  going  to  be  a  continu¬ 
ing  struggle.  It  is  something 
that  the  open-document,  open- 


source  people  need  to  be  fo¬ 
cusing  on,  because  we’ve  got  a 
requirement. 

Do  you  have  any  preference  be¬ 
tween  ODF  and  Microsoft’s  Office 
Open  XML  file  format?  No.  Cer¬ 
tainly  we’re  moving  toward 
things  that  are  more  open. 
We’re  doing  some  service- 
oriented  architecture.  We’re 
doing  what  we  can  to  break 
from  that  cycle  of  essentially 
vendor  lock-in  associated  with 
proprietary  systems.  There 
has  to  be  interoperability. 

In  theory,  open,  XML-based 
formats  can  free  customers  to 
switch  office  application  suites 
and  possibly  save  money.  Do 
you  see  that  as  one  of  the  main 
benefits  of  moving  to  open  for¬ 
mats?  A  little  bit.  [But]  I  never 
want  to  say  to  any  legislator 


or  to  any  governor,  “If  you 
adopt  this  technology,  sud¬ 
denly  you’re  going  to  save  a 
lot  of  money.”  Who  knows? 
What  I  think  it  does  provide 
is  flexibility,  and  that’s  what 
we  need.  We’ve  got  so  many 
different  departments,  and  the 
likelihood  of  us  ever  adopting 
a  single  standard  at  the  state¬ 
wide  level  is  pretty  remote. 
What  I’m  interested  in  is  flex¬ 
ibility  for  those  departments 
to  do  their  jobs  individually 
[and]  interoperate  with  every¬ 
body  else. 

Do  you  think  the  potential  move¬ 
ment  of  governments  to  ODF 
will  have  a  trickle-down  effect 
beyond  the  public  sector?  It  can, 
because  we’re  a  big  enough 
market.  We  can  provide  to  the 
people  who  are  innovative 
[with]  ODF,  or  open  source,  a 
market  and  some  revenues  and 
a  business  model  that  keeps 
them  going.  [But]  overall,  we 
don’t  coordinate  our  activities. 
I  can’t  coordinate  in  California 
by  itself. 

But  I  do  think  if  collectively 
we  all  emphasize  we’re  open 
to  alternatives,  that  can  en¬ 
courage  people  who  are  out 
there  thinking  of  the  next  bril¬ 
liant  idea.  I  know  from  talking 
to  the  venture  capitalists  in 
Silicon  Valley  that  those  peo¬ 
ple  are  out  there.  I  want  state 
government  to  be  one  of  the 
things  they  think  about,  that 
maybe  there’s  a  market  there. 

Have you considered using an online office suite, such as Google Apps? I’ve formed a committee that is going to look at that issue for smaller departments. It may satisfy all of their business needs. California state government is huge, but once you go down below the 15 largest departments, I’ve got 45, 50, 60 departments that are pretty small. I suspect there are going to be a lot of people looking for alternatives. That’s what drives competition.


“We’re doing what we can to break from that cycle of essentially vendor lock-in associated with proprietary systems.”
J. CLARK KELSO, CIO, STATE OF CALIFORNIA
Integration

Sandy  Clifford,  director  of 
market  technology  and  infor¬ 
mation  management  at  Greater 
Twin  Cities  United  Way  in 
Minneapolis.  The  nonprofit 
organization  uses  Microsoft’s 
Dynamics  GP  8.0  and  CRM 
3.0  applications  and  wants 
to  link  them  more  closely  to 
corporate  donors’  systems  to 
share  information  as  part  of 
fundraising  campaigns,  Clif¬ 
ford  said. 

Noting that the CRM software can easily share data via XML, Clifford said she hopes it will be the integration model for the rest of the Dynamics applications. But she added that Microsoft’s explanations of its service-oriented architecture (SOA) strategy have been vague. Clifford said she wants the company to explain what it’s doing “in more practical technical language.”

Integration Mandate

Microsoft announced the following integration-related offerings at Convergence 2007:

■ Dynamics Sure Step: An end-to-end application implementation methodology, with a set of associated deployment tools

■ Real World SOA: An integration framework that uses XML and Web services to tie Dynamics applications to legacy systems

■ Dynamics Client for Office and SharePoint Server: A bundle of self-service applications with access to Dynamics ERP data

SOA  Strategy 

At  the  conference,  Microsoft 
executives  highlighted  steps 
they’re  taking  to  make  the 
different  applications  in  the 
Dynamics  line  more  exten¬ 
sible  through  the  use  of  SOA 
technologies  and  middleware 
such  as  the  company’s  Share- 
Point  Server  collaboration 
platform. 

During  a  keynote  speech, 
Satya  Nadella,  corporate  vice 
president  of  Microsoft’s  Busi¬ 
ness  Solutions  Group,  noted 
that  the  company  has  begun 
embedding  Web  services  in¬ 
terfaces  into  its  applications. 

“We  wanted  to  make  sure 
we  support  SOA  out  of  the 
gate  for  all  of  our  products,” 
Nadella  said.  “We  did  that, 
and  now  we’re  seeing  custom¬ 
er  case  studies  where  there 
are  real-world  benefits  to 


Microsoft  Sticks  With  Separate  ERP  Apps 


SAN  DIEGO 

MICROSOFT  EXECUTIVES  last 
week  made  it  clear  that  any  plans 
the  company  had  to  move  to  a  com¬ 
mon  code  base  for  its  Dynamics  ap¬ 
plications  have  been  postponed  in¬ 
definitely.  But  they  also  downplayed 
the  notion  that  the  software  vendor 
has  backtracked  from  its  road  map 
for  pulling  its  four  ERP  product 
lines  more  closely  together. 

Two  years  ago,  at  Convergence 
2005,  Microsoft  announced  a 
two-phase  integration  initiative 
that  was  originally  called  Project 
Green.  The  first  phase  was  sched¬ 
uled  to  conclude  this  year  and 
deliver  a  common  user  interface 
based  on  desktop  products  such 
as  Outlook. 

The  expectation  was  that  in 


having  done  that.” 

Microsoft  also  offers  other 
integration  technologies,  such 
as  its  Windows  Workflow 
Foundation,  for  use  with  the 
Dynamics  software,  accord¬ 
ing  to  Microsoft  officials. 
Workflow  Foundation  is  a  set 
of  tools  designed  to  enable 
companies  to  create  seamless 
business  processes  internally 


IBM  Overhauls  Its  Bl  Strategy 


BY  HEATHER  HAVENSTEIN 

IBM  LAST  week  over¬ 
hauled  its  approach  to 
business  intelligence  by 
adding  analysis  capabili¬ 
ties  to  its  data  warehouse  and 
unveiling  BI  appliances  for 
small  and  midsize  companies. 

The  new  strategy,  dubbed 
dynamic  warehousing,  is 
described  by  IBM  officials 
as  the  “third  generation”  of 
data  warehousing;  query  and 
reporting  represented  the  first 
phase,  and  online  analytical 
processing  the  second. 

Dynamic  warehousing  aims 
to  analyze  business  data  in 
real  time  and  enable  compa¬ 
nies  to  embed  analytics  capa¬ 
bilities  into  corporate  business 
processes,  said  Marc  Andrews, 
IBM’s  director  of  data  ware¬ 
housing. 


The  new  version  of  IBM’s 
DB2  Warehouse  and  a  new 
OmniFind  Analytic  Edition 
tool  are  core  pieces  of  the 
strategy,  Andrews  said.  The 
analysis  tool  is  used  to  mine 
and  analyze  data  in  the  DB2 
Warehouse,  he  noted. 

The  updated  DB2  Ware¬ 
house,  based  on  the  DB2  9  da¬ 
tabase,  can  also  be  used  with 
IBM’s  Information  Server  data 
integration  software  for  data 
quality  and  transformation 
tasks. 

Ed  Peabody,  director  of 
technical  consulting  at  Om¬ 
nium  Worldwide  Ir.c.,  said 
he  is  interested  in  looking  at 
the  updated  DB2  Warehouse 
because  of  its  ability  to  inte¬ 
grate  with  Information  Server. 
Omaha-based  Omnium  will  be 
upgrading  to  a  production  ver¬ 


sion  of  DB2  9  in  August. 

“Rather  than  me  having  to  do 
data  integration  between  [ex¬ 
tract,  transform  and  load]  proc¬ 
esses  and  build  that  semantic 
integration  layer  [for]  reporting 
and  analytical  tools,”  the  IBM 
tools  are  integrated  out  of  the 
box,  Peabody  said. 

Omnium  plans  to  use  an 
ETL  tool  from  Business  Ob¬ 
jects  SA  with  DB2  9  but  may 
opt  to  replace  it  with  Informa¬ 
tion  Server,  he  said. 

IBM last week also introduced two new configurations of its Balanced Configuration Unit (BCU) data warehousing appliance. One is built for midsize companies, and the other is aimed at small businesses, IBM said. Earlier versions of the appliance were configured only for large customers.


2008,  Microsoft  would  begin  to 
merge  the  applications  around  a 
single  code  base,  retaining  what 
it  deemed  to  be  the  best  features 
from  each  suite.  But  Tami  Reller, 
corporate  vice  president  of  busi¬ 
ness  solutions  marketing  at  Micro¬ 
soft,  said  last  week  that  there  were 
never  formal  plans  for  a  big-bang 
development  project  to  meld  the 
different  applications. 

The  company  is  centralizing 
some  of  the  development  work  that 
is  done  on  the  applications  and 
making  changes  to  their  code  bas¬ 
es  where  it  makes  sense  to  do  so, 
Reller  said.  But,  she  added,  “we're 
not  going  to  converge  the  applica¬ 
tions  for  convergence’s  sake.” 

Microsoft  quietly  repudiated 
its  plans  for  a  single  code  base 


a  year  ago  but  didn’t  adequately 
publicize  the  decision,  said  Joshua 
Greenbaum,  an  analyst  at  En¬ 
terprise  Applications  Consulting. 
Company  officials  were  concerned 
that  customers  wouldn’t  buy  new 
applications  while  waiting  for  the 
converged  products  to  become 
available,  Greenbaum  said. 

The  idea  was  to  merge  the 
applications,  said  Sandy  Clifford, 
director  of  market  technology  and 
information  management  at  Greater 
Twin  Cities  United  Way.  But  she’s 
confident  the  various  applications 
will  eventually  be  pulled  together. 

“At a technical level, it’s about the Microsoft products connecting in a seamless way,” Clifford said. “That’s what is in the game.”

-  MARC  L.  SONGINI 


and  with  external  partners 
using  SOA  as  well  as  content 
and  document  management 
technologies. 

Microsoft  is  at  least  mak¬ 
ing  an  effort  to  improve  its 
integration  support,  although 
it  should  have  more  tools  to 
offer  at  this  point,  said  Bob 
Castle,  CIO  at  Roland  DGA 
Corp.,  an  Irvine,  Calif.-based 
distributor  of  printing  prod¬ 
ucts  that  runs  Dynamics  GP 
9.0  and  CRM  3.0. 

According  to  Castle,  Work- 
flow  Foundation  won’t  be 
supported  in  Dynamics  GP 
until  the  release  of  Version 
10.0,  which  was  formally  an¬ 
nounced  last  week  and  is 
scheduled  to  ship  in  June.  Sim¬ 
ilarly,  he  said  he  was  told  that 
the  workflow  tools  won’t  be 
supported  in  Dynamics  CRM 
until  Version  4.0  of  that  prod¬ 
uct  becomes  available,  which 
is  expected  by  year’s  end. 

Better  integration  capabili¬ 
ties  are  a  must,  Castle  added. 
“The  applications  are  feature- 
rich  but  have  to  go  across  the 
enterprise,”  he  said.  For  exam¬ 
ple,  Roland  DGA  has  a  list  of 
50  different  business  processes 
that  it  wants  to  automate.  But, 
Castle  said,  doing  so  would 
require  linking  the  Microsoft 
applications  to  other  systems 
within  the  company. 

Joshua  Greenbaum,  an  ana¬ 


lyst  at  Enterprise  Applications 
Consulting  in  Berkeley,  Calif., 
said  users  are  pressuring 
Microsoft  for  better  integra¬ 
tion  tools  because  it  has  start¬ 
ed  selling  the  midmarket- 
oriented  Dynamics  applica¬ 
tions  to  larger  customers. 

“The  Dynamics  base  has 
largely  been  insulated  from 
complex  application  integra¬ 
tion,”  Greenbaum  said.  “As 
Microsoft  moves  up  into  the 
enterprise,  they  have  to  say 
that  they’ve  put  this  integra¬ 
tion  stuff  into  their  stack  and 
that  it’s  cheap  and  easy  to  use.” 

Further  increasing  the 
pressure  on  Microsoft  is  the 
fact  that  SAP  AG  and  Oracle 
Corp.,  its  two  main  rivals  in 
the  corporate  applications 
market,  are  aggressively 
pushing  their  own  lines  of 
middleware  tools  as  central 
elements  in  their  respective 
product  offerings. 

Although  Microsoft  has 
been  releasing  integration 
technologies,  they’re  more 
“building  blocks”  than  easy- 
to-use  links  at  this  point,  said 
Richard  Apgar,  a  vice  presi¬ 
dent  at  Advanced  Electronic 
Solutions  in  El  Cajon,  Calif. 

Apgar said Microsoft needs to deliver on its integration promises. “They’re good at the proposal — but don’t leave us at the altar,” he said.


For all stories go to www.microsoft.com/getthefacts


The Highly Reliable Times


VOLUME 1 - ISSUE 2


Windows Server 2003


WINDOWS  SERVER  TAKES 
CHECKERED  FLAG  OVER  LINUX 
Tom Nagy for The Highly Reliable Times


THE  CONTIDROM,  CONTINENTAL  AG’s  storied  test  track  located 
near  Hanover,  Germany. 

BREAKING  NEWS: 

“Windows Server provides a reliable
environment with centralized
administration and management.

Duplicating this level of service in
a Linux-based environment would
have been very difficult”

-  Paul  Schwefer,  CIO,  Continental  AG 


New  System  Gives  Global  Automotive 
Supplier  99.9%  Reliability 


By  MICHAEL  BETTENDORF 


HANOVER, Jan. 2007 - “We needed rock-solid reliability, and we weren’t getting it from our legacy infrastructure,” says Paul Schwefer, CIO at Continental AG, one of the world’s largest automobile suppliers with over 85,000 employees worldwide. Inadequate management tools made it difficult for Schwefer’s team to keep system uptimes at the high levels expected at Continental AG, so a change in platform was necessary.

Initially,  a  Linux  solution 
was  considered.  However, 
after  a  thorough  evaluation, 
Schwefer’s  team  determined 
that  Linux  could  not  deliver 
the  reliable,  predictable 
environment  Continental  AG 
required.  Instead,  they  chose 
to  use  Microsoft®  Windows 
Server®  2003. 

With  key  features  of 
Windows  Server  2003  such  as 


group  policy  management, 
Schwefer  found  clear  advan¬ 
tages  over  a  Linux-based  solu¬ 
tion.  “Windows  Server  pro¬ 
vides  a  reliable  environment 
with  centralized  administra¬ 
tion  and  management,”  said 
Schwefer,  who  believes  that 
superior  manageability  leads 
to  high  reliability.  “Duplicating 
this  level  of  service  in  a  Linux- 
based  environment  would  have 
been  very  difficult  and  more 
costly,”  he  says. 

The  decision  has  proven 
successful:  Since  the  imple¬ 
mentation,  Windows  Server 
2003  has  provided  99.9% 
reliability  in  a  distributed 
environment  for  Continental 
AG.  For  the  full  Continental 
AG  case  study,  plus  other 
case  studies  and  independent 
research  findings  on  the 
reliability  of  Windows  Server 
versus  Linux,  visit  us  online 
at  microsoft.com/getthefacts 


BREAKING  NEWS:  Reliability  linked 
to  cheerfulness  in  IT  professionals 

In  a  trend  with  global  implications,  IT  professionals  such  as 
Continental  AG’s  Paul  Schwefer  (pictured  at  left)  show  obvious 
signs  of  exuberance.  -  Continued  on  Page  B3 
Time Change Goes Forward
Without  Major  Disruptions 


Most  systems 
keep  ticking  after 
early  start  of  DST, 
IT  managers  say 


BY  TODD  R.  WEISS 

THE EARLY switch to daylight-saving time (DST) on March 11 appeared to arrive without major troubles for IT operations. But many staffers stayed up late to carefully monitor the time change in data centers. And a Gartner Inc. analyst said some companies had to make fixes manually in order to beat the clock.

According  to  reports  from 
IT  managers  and  workers  after 
the  change  took  effect,  system 
glitches  were  few,  and  the  ones 
that  did  occur  were  minor. 

For example, Michael Leonhardt, an infrastructure architect at Building Materials Holding Corp. (BMHC) in San Francisco, said staffers found a time-related problem on an internal log-viewing application that uses an embedded version of Sun Microsystems Inc.’s Java Runtime Environment. The issue went undetected during testing, Leonhardt said. “Other than that, everything went smoothly,” he added.

But  the  DST  conversion 
work  wasn’t  easy,  according  to 
Leonhardt.  The  effort  took  its 
toll  on  BMHC’s  operations,  he 
said,  noting  that  the  IT  team 
at  the  supplier  of  building  ma¬ 
terials  and  home  construction 
services  had  “to  stop  work  on 
business  initiatives  and  proj¬ 
ects  to  divert  the  necessary 
resources”  to  DST  work. 

Online  auction  house  uBid 
Inc.,  which  relies  on  correct 
time  stamps  for  the  thousands 
of  auctions  and  buy-it-now 
sales  it  processes  daily,  didn’t 
experience  any  IT-related 
problems  after  the  clocks  were 
turned  ahead. 

“We  made  it  just  fine 


through  the  daylight-saving 
time  transition,  and  the  world 
hasn’t  ended,”  Sally  Dahl,  vice 
president  of  customer  and 
seller  operations  at  Chicago- 
based  uBid,  said  via  e-mail. 

Dahl  attributed  much  of  the 
success  of  her  company’s  DST 
preparations  to  patching  and 
maintenance  work  that  was 
done  for  uBid  by  Rimini  Street 
Inc.,  an  IT  services  firm  that 
provides  support  for  some  of 
Oracle  Corp.’s  applications. 

The  switch  to  DST,  which 
used  to  occur  during  the 
first  weekend  in  April,  took 
place  early  this  year  because 
of  federal  changes  aimed  at 
reducing  energy  costs.  The 
earlier  start  and  a  one-week 
extension  of  DST  in  the  fall 
were  signed  into  law  in  August 


PLATELETS  THAT  HELP  blood  to 
clot  have  only  a  five-day  shelf  life,  so 
every  hour  counts  for  the  American 
Red  Cross  during  the  process  of  col¬ 
lecting,  storing  and  distributing  them. 

As  a  result,  the  Red  Cross  couldn’t 
afford  to  have  any  hitches  with  the 
time  stamps  and  other  time-related 
settings  in  its  systems  when  daylight- 
saving  time  started  three  weeks 
earlier  than  it  had  in  past  years. 

To  make  sure  its  systems  worked 
properly  after  the  time  change  took 
effect,  the  nonprofit  agency  began 
grappling  with  the  DST  issue  late  last 
year.  In  mid-January,  in  the  midst  of 
the  conversion  effort,  it  hired  a  new 
chief  technology  officer,  Nida  Davis 
Roemer,  who  previously  was  chief 
enterprise  architect  at  the  Federal 
Reserve.  Her  first  major  task  at  the 
Red  Cross  was  the  time  change. 

With  an  internal  DST  readiness 
assessment  in  hand,  Roemer  set 
up  a  16-person  team  to  oversee  all 
aspects  of  the  conversion  work.  The 
team  included  a  project  manager,  a 
systems  architecture  specialist,  a 
lead  engineer  and  a  risk  manage¬ 
ment  officer,  among  others. 

The  team  met  twice  a  week  to 


2005.  But  many  vendors  didn’t 
release  patches  for  their  prod¬ 
ucts  until  the  past  few  months, 
leading  to  a  last-minute  scram¬ 
ble  within  IT  departments. 

Steve  Cooper,  CIO  at  the 
American  Red  Cross,  said  in 
an  e-mail  that  the  Washington- 
based  humanitarian  agency’s 
detailed  DST  preparations 
over  the  past  several  months 
paid  off  by  preventing  all  but 
two  minor  problems. 

“All  six  of  the  organization’s 
core  mission-critical  systems 
and  50  related  applications  are 
in  good  stead,”  Cooper  wrote. 
He  added  that  the  IT  team  fo¬ 
cused  primarily  on  those  sys¬ 
tems  before  the  time  change, 
leaving  some  less-critical 
systems  until  afterward  (see 
story  below). 


review  the  progress  being  made. 
Roemer  met  with  the  project  man¬ 
ager  every  morning  for  updates  and 
spoke  with  team  members  by  phone 
at  the  end  of  each 
workday.  “This 
was  very  helpful 
because  of  the 
level  of  complex¬ 
ity  of  the  project," 
she  said. 

The  Red  Cross 
has  a  wide  assort¬ 
ment  of  hardware 
and  software  that 
needed  to  be 
reviewed,  updated  and  tested,  and 
there  were  also  compatibility  and 
interdependency  issues  to  contend 
with.  Roemer  said  some  of  the  DST 
team  members  and  other  IT  workers 
occasionally  slept  in  the  agency’s 
data  center  while  working  nights  and 
weekends  on  the  conversion  effort. 

The  agency  identified  six  core 
applications  that  had  to  be  updated 
before  the  time  change,  along  with 
another  50  related  applications  that 
were  deemed  to  be  mission-critical. 
The  six  core  applications  included 
a  national  blood-tracking  system 


“We made it just fine through the daylight-saving time transition, and the world hasn’t ended.”


SALLY  DAHL,  VICE  PRESIDENT 
OF  CUSTOMER  AND  SELLER 
OPERATIONS,  UBID  INC. 

The  two  issues  that  needed 
tending  to  after  the  switch 
involved  a  laboratory  database 
that  wasn’t  fully  configured 
and  a  password-protected 
backup  site,  Cooper  said. 

Gartner  analyst  Cameron 
Haight  said  that  as  the  DST 
deadline  neared,  preparations 
at  many  companies  took 
eleventh-hour  detours  because 


and  programs  that  the  Red  Cross 
uses  to  collect  blood-testing  results, 
maintain  records  from  blood  drive 
donations,  handle  case  manage¬ 
ment  during  disasters  and  process 
its  e-mail. 

Altogether,  the  agency  has  about 
200  applications  in  use,  and  158 
of  them  needed  remediation,  said 
Roemer.  The  biggest  challenges 
involved  the  e-mail  servers  and  ap¬ 
plications  that  are  based  on  the  Java 
Runtime  Environment.  She  said  the 
JRE  applications  were  complicated 
“because  there  are  so  many  different 
versions”  of  the  Sun  Microsystems 
software  that  required  updating. 

Meanwhile,  IT  workers  had 
to  fix  168  e-mail  servers  running 
Exchange  Server  2003.  Updates  to 
162  of  the  systems  went  well,  but  six 
had  problems  that  were  still  being 
investigated  by  Red  Cross  staffers 
last  week.  “We  had  mixed  results,” 
Roemer  said. 

To  provide  information  about  the 
DST  project  to  the  agency’s  35,000 
employees  and  1  million  volunteers, 
the  IT  team  built  a  Web  portal  that 
uses  Microsoft  SharePoint  collabora¬ 
tion  software.  Content  available  on 
time was running out. In several cases, Haight said, that included giving up on attempts to install software patches and instead manually changing applications’ time settings.

One  problem  with  the  whole 
process,  Haight  said,  was  that 
lawmakers  didn’t  fully  recog¬ 
nize  the  consequences  of  the 
DST  change.  Even  now,  he 
noted,  Rep.  Edward  Markey 
(D-Mass.),  who  co-sponsored 
the  measure,  has  information 
on  his  Web  site  that  makes  the 
change  sound  like  a  minor  is¬ 
sue  for  users. 

“The  site  says  to  ‘point  your 
browser  to  the  Microsoft  patch 
and  download  it,’  ”  Haight  said, 
describing  that  as  too  simplis¬ 
tic  for  corporate  data  centers. 

A spokesman for Markey said prior to the time change that the congressman realized that the DST changes were “not a simple change” for IT departments. But, the spokesman said, “the energy-saving benefits are worth the changes.”


the  portal  includes  tutorials  showing 
how  users  can  update  their  own 
systems  in  local  offices. 

Another  important  tool  was  an  Ex¬ 
cel  spreadsheet  nicknamed  “the  Dig” 
that  provided  a  view  of  every  server 
by  name,  number  and  location.  It 
also  listed  each  operating  system, 
database,  application  and  piece  of 
hardware  used  by  the  Red  Cross,  as 
well  as  the  interdependencies  be¬ 
tween  them.  "Every  component  we 
needed  to  take  care  of  was  on  the 
Dig  list,”  Roemer  said. 

Two  weeks  ago,  as  the  deadline 
drew  near,  the  DST  team  was  forced 
to  bring  in  additional  people  from 
within  IT  to  get  the  compliance  work 
done  -  or  else  face  the  prospect  of 
shutting  down  applications  during 
production  usage  times.  That  wasn’t 
an  option,  according  to  Roemer. 

The  time  change  doesn’t  end  the 
agency’s  DST-related  work.  The  Red 
Cross  also  has  created  a  mobilization 
plan  to  help  it  deal  with  the  switch 
back  to  standard  time,  which  will 
start  on  Nov.  4  -  one  week  later  than 
in  previous  years. 

“It  will  be  a  regular  IT  item  for  us 
to  track  for  future  DST  changes," 

Roemer  said. 

-TODD  R.  WEISS 
AJAX Builds Shippers Better Search Engine


Scheduling  service  looks  to  expand 
listings,  speed  searches  for  ships 


BY  HEATHER  HAVENSTEIN 

OceanSchedules.com, whose online service lets shippers search through worldwide commercial ocean carrier schedules, has launched an AJAX-powered Web site in an effort to ease the process of finding available ships to carry containerized freight.

Harry Sangree, managing director of OceanSchedules.com, said the Parsippany, N.J.-based company turned to Asynchronous JavaScript and XML technology because it promised to significantly boost the performance of its Web-based service. AJAX-based Web applications don’t have to refresh a page every time a user enters or receives new data, he noted.

In  addition,  Sangree  said, 
“we  realized  we  needed  to 
have  cool  technology  to  attract 
users  to  stop  what  they  are 


doing  now  and  to  switch”  to 
OceanSchedules.com’s  site. 

The  new  site  was  born  last 
month  as  a  piece  of  an  effort 
by  OceanSchedules.com  par¬ 
ent  firm  Inttra  Inc.  to  expand 
the  content  on  the  site  and 
thus  boost  its  user  base,  said 
Sangree. 

Inttra  builds  software  that 
manages  booking,  scheduling, 
cargo  tracking  and  other  func¬ 
tions  for  ocean  shipping  firms. 

OceanSchedules.com’s  pre¬ 
vious  site  had  let  users  search 
only  the  schedules  of  ocean 
shippers  that  paid  to  be  listed 
on  the  site,  a  method  also  used 
by  competitors’  sites,  Sangree 
said.  To  augment  that  process, 
users  had  to  search  through 
multiple  portals,  comb 
through  paper-based  sched¬ 
ules  and/or  call  individual 
carriers  to  get  complete  world¬ 
wide  timetables,  he  said. 

OceanSchedules.com  last 
May  began  the  effort  to  create 
a  site  that  could  provide  what 


Sangree  called  an  Expedia-like 
service  for  the  containerized 
freight  industry.  The  planned 
site  would  include  the  sailing 
schedules  of  all  global  carriers 
and  could  be  easily  searched, 
he  said. 

The  new  site  is  supported  by 
advertising  so  that  its  listings 
are  not  limited  to  paying  cus¬ 
tomers,  Sangree  explained. 

The  need  for  the  new  capa¬ 
bilities  may  seem  straightfor¬ 
ward,  Sangree  said,  but  the 
complexity  of  ocean  carrier 
schedules  makes  the  job  of  cre¬ 
ating  such  a  site  very  difficult. 

For  example,  he  noted  that 
for  one  week  in  March,  a  ship¬ 
per  could  choose  from  95  dif¬ 
ferent  sailings  operated  by  12 
different  carriers  for 
the  commonly  traveled 
route  of  Singapore  to 
Hong  Kong.  Changing 
a  variable  with  that 
number  of  choices 
would  require  too 
many  page  loads  using 
an  HTML-built  site 
and  would  frustrate 
users,  Sangree  added. 

The  company  first 


tried  to  build  an  AJAX-based 
prototype  site  internally  us¬ 
ing  open-source  development 
tools,  but  it  performed  inad¬ 
equately  when  accessed  from 
overseas,  Sangree  said. 

Next,  it  hired  JackBe  Corp. 
in  Chevy  Chase,  Md.,  to  build 
a  site  using  its  NQ_Suite  of 
AJAX  tools,  Sangree  said. 

The  NQ_ tools,  now  known  as 
Presto  Studio,  consolidated 
the  number  of  calls  back  to  the 
server  from  areas  such  as  Tai¬ 
wan,  Vietnam  and  Malaysia 
and  helped  solve  the  perfor¬ 
mance  problem,  he  said. 

“[JackBe’s]  environment  cre¬ 
ated  an  application  that  runs 
fast  anywhere,”  he  said.  “The 
distance  factor  doesn’t  kill 


you  like  it  did  with  the  public- 
domain  tools.” 

The site built by JackBe contains myriad filtering options that allow users to quickly search the 5 million voyage records in OceanSchedules.com’s database, according to Sangree. Users can filter data by the day of the week, transit time or carrier, he said.

Since  its  launch  six  weeks 
ago,  over  16,000  new  users 
have  tried  the  system,  he  said. 

Jeffrey  Hammond,  an  ana¬ 
lyst  at  Forrester  Research  Inc., 
said  that  many  organizations 
like  Inttra  are  finding  that 
AJAX  enables  them  to  provide 
access  to  massive  amounts 
of  data  that  have  never  been 
available  on  the  Web 
before. 

OceanSchedules.com “could have had HTML pages and tables and had people navigate through that, but then customers wouldn’t have found much use of that and would have been frustrated,” he said.
OceanSchedules.com’s AJAX-based site lets users
access  and  search  carrier  schedules  worldwide. 


IBM  Softens  Focus  on  Using  Linux  PCs 


BY  ELIZABETH  MONTALBANO 

As  vice  president  of  worldwide 
Linux  and  open-source  opera¬ 
tions  at  IBM,  Scott  Handy  is  one 
of  the  main  public  faces 
behind  the  company’s 
strategy  for  technolo¬ 
gies  such  as  Linux  and 
Eclipse.  Handy  spoke 
with  the  IDG  News  Ser¬ 
vice  at  the  LinuxWorld 
Open  Solutions  Sum¬ 
mit  in  New  York  last 
month  about  the  status 
of  IBM’s  own  Linux 
deployment  and  other  issues. 
Excerpts  from  the  interview 
follow: 

In  2004,  you  said  that  you  hoped 
to  have  40,000  desktop  Linux  us¬ 
ers  within  IBM  by  the  end  of  that 
year.  And  other  executives  talked 
about  the  idea  of  moving  all  em¬ 
ployees  to  Linux  systems.  How  is 


the  internal  rollout  going?  What 
we  learned  was  that  it  actually 
was  going  to  be  a  problem  for 
our  support  group  —  our  help 
desk  —  to  have  a  differ¬ 
ent  set  of  software  on 
the  Linux  side  than  they 
did  on  the  Windows 
side.  We  needed  to 
standardize  on  a  single 
programming  model  for 
the  two  environments, 
and  Eclipse  turned  out 
to  be  the  most  robust 
cross-platform  environ¬ 
ment  that  we  came  up  with.  By 
rewriting  Notes  and  Sametime, 
I  think  we’ve  achieved  with 
the  Open  Client  exactly  what 
we  needed.  [Editor’s  note:  Open 
Client  is  desktop  software  that 
IBM  introduced  last  month.] 

So  for  a  while  there,  we  real¬ 
ly  had  to  slow  down  [on  Linux]. 
And  now  the  big  drive  within 


IBM  is  to  get  everybody  on 
Open  Client.  There’s  less  con¬ 
cern  about  which  OS  you’re 
on.  We  don’t  have  a  target  [for 
Linux],  but  I  expect  Linux  us¬ 
age  will  go  up.  IBM  Research 
seems  to  prefer  Linux.  The 
China  Development  Lab  pre¬ 
fers  Linux.  We  have  whole  ge¬ 
ographies  that  seem  to  have  at 
least  a  slightly  greater  inclina¬ 
tion  for  Linux  than  other  areas 
do  —  like  Brazil  and  India. 

IBM  has  said  it  would  be  even- 
handed  in  supporting  both  Red 
Hat  Linux  and  Novell’s  SUSE 
Linux  for  customers.  What  about 
supporting  other  Linux  distribu¬ 
tions?  Overall,  our  strategy  is 
to  support  two  or  more  Linux 
distributions.  In  the  very  be¬ 
ginning,  in  ’99,  we  had  four: 
Turbolinux,  Caldera,  SUSE 
and  Red  Hat.  Over  time,  the 


business  has  consolidated 
—  certainly  on  the  server.  Over 
90%  of  the  servers  now  ship 
with  Red  Hat  or  Novell  SUSE. 

[But]  our  Linux  strategy  al¬ 
lows  us  to  support  an  addition¬ 
al  distribution.  So  if  somebody 
gets  a  big  share  —  which  is  ba¬ 
sically  saying,  if  our  customers 
start  buying  and  demanding 
another  Linux  distribution  — 
we  would  do  so.  And  we  have 
done  so  in  certain  geographies. 
We  support  Asianux  in  Asia. 

What’s  your  position  on  the  joint 
development  and  licensing  deal  No¬ 
vell  and  Microsoft  signed  last  fall? 
Has  Novell  lost  some  of  its  Linux 

credibility?  Our  perspective 
is  that  it’s  an  interesting  deal. 
Different  customers  have  dif¬ 
ferent  perspectives  on  it.  Some 
customers  —  among  the  class 
who  think  that  any  vendors 
fighting  is  a  bad  thing  —  think 
that  this  deal  is  a  good  thing. 

And  yes,  there  are  some 


people  in  the  [open-source] 
community  who  see  this  as 
partnering  with  someone  who 
is  anti-Linux.  I  think  at  the  end 
of  the  day,  the  positives  slight¬ 
ly  outweigh  the  negatives. 

This  is  a  competitive  business, 
and  Novell  is  doing  this  to  get 
a  competitive  advantage.  Let 
it  play  out  and  see  where  it’s 
going  to  go. 

Microsoft  has  questioned  IBM’s 
commitment  to  open  document 
standards,  such  as  the  Open- 
Document  format.  What’s  your 
response?  The  IBM  strategy  is 
[to  get]  behind  anything  really 
that  gets  industry  traction,  and 
ODF  has  a  tremendous  amount 
of  industry  traction.  We  have 
a  lot  of  customers  and  a  lot  of 
governments  who  are  behind 
[ODF]  and,  of  course,  vendors. 
We’ve  done  our  part;  we’ve  an¬ 
nounced  that  Lotus  Notes,  and 
the  editors  that  we  ship  with 
that, are ODF-compliant.
Barclays Unit to
Outsource  Call  Center 

LONDON 

Barclays  plc’s  Barclaycard 
credit  card  unit  has  announced 
plans  to  close  its  customer  con¬ 
tact  center  in  Manchester,  England, 
and  transfer  some  of  the  jobs  there  to 
facilities  in  India. 

The  announcement  comes  just  days 
after  rival  financial  services  firm 
Lloyds  TSB  Group  disclosed  plans  to 
close  its  call  center  in  Mumbai,  India, 
and  allow  customers  to  directly  contact 
local  branches. 

Barclaycard’s  Manchester  center 
will  close  in  July,  and  630  jobs  will  be 
transferred  to  facilities  in  Mumbai  and 
Delhi,  India,  and  in  Teesside,  England. 

“Decisions  like  these  are  never  easy, 
and  we  will  be  doing  everything  we 
can  to  support  those  affected,”  said 
Barclaycard  CEO  Antony  Jenkins. 
“Barclaycard’s  business  is  becoming 
more  global,  and  to  stay  successful, 
we  must  change  how  we  operate  to 
reflect  this.” 

A  spokeswoman  for  the  credit  card 
operation  denied  that  the  move  to  In¬ 
dia  was  strictly  for  financial  reasons. 
However,  she  added,  “it’s  streamlining 
our  operations,  and  the  organizational 
restructure  will  ensure  we  are  able  to 
continue  to  operate  effectively.” 

■  TASH  SHIFRIN,  COMPUTERWORLD  U.K. 

China  Tightening  Net 
Access  Control,  U.S.  Says 

SINGAPORE 

The  Chinese  government  took 
steps  during  2006  to  increase  its 
control  and  monitoring  of  Inter¬ 
net  access  by  the  country’s  growing  In¬ 
ternet  population,  the  U.S.  Department 
of  State  said  in  a  human 
rights  report  released 
this  month. 

“While  the  govern¬ 
ment  continued  to  en¬ 
courage  expanded  use 
of  the  Internet,  it  also 
took  steps  to  monitor  its 
use,  control  content,  re¬ 
strict  information,  and 
punished  those  who 
violated  regulations,” 
the  report  said. 

The  report  cited  sev¬ 
eral  steps  taken  by  the 
Chinese  government, 
including establishing stricter requirements for Web site registration, greater official control over content and a wider definition of what constitutes illegal activity online.

China’s  Internet  users,  estimated 
at  140  million  by  the  China  Internet 
Network  Information  Center,  have  not 
eroded  the  government’s  ability  to  con¬ 
trol  access  to  content  it  deems  undesir¬ 
able,  said  the  State  Department. 

The  report  noted  that  “tens  of  thou¬ 
sands  of  persons”  monitor  the  Internet 
in  China.  The  report  also  said  that  the 
Chinese  government  has  enlisted  the 
help  of  domestic  and  multinational 
companies  to  restrict  access  to  infor¬ 
mation  on  the  Internet. 

■ SUMNER LEMON, IDG NEWS SERVICE

Microsoft  Signs  First 
EU  Protocol  License 

BRUSSELS 

MICROSOFT CORP. earlier this month signed up the first licensee for the workgroup server protocols the European Commission ordered it to make available to competitors in a 2004 antitrust ruling.

The  licensee,  Aliso  Viejo,  Calif.- 
based  Quest  Software  Inc.,  said  it 
plans  to  use  Microsoft’s  User  and 
Group  Administration  protocol  set  in 
products  based  on  Microsoft’s  Active 
Directory.  Quest  said  the  protocols  will 
improve  links  between  its  products  and 
Unix,  Linux  and  Java  authentication 
systems. 

Quest  develops  software  for  Active 
Directory  administration  and  data  re¬ 
covery,  along  with  tools  for  application, 
database  and  server  administration. 

The  companies  signed  the  licensing 
deal  on  March  1,  the  same  day  the  EC 
sent  Microsoft  a  “statement  of  objec¬ 
tions”  about  the  prices  it 
planned  to  charge  ven¬ 
dors  to  license  the  proto¬ 
cols.  Quest  nevertheless 
agreed  to  pay  the  full 
list  price  —  5.25%  of  net 
revenue  on  the  products 
that  use  the  protocols, 
according  to  a  Microsoft 
spokesman. 

The  EC  ordered 
Microsoft  to  create  the 
Work  Group  Server 
Protocol  Program  in  its 
March  2004  antitrust 
ruling  that  found  Mi¬ 


crosoft  had  abused  its  position  in 
the  desktop  operating  system  market. 

It  also  ordered  Microsoft  to  pay 
€497  million  (about  $600  million  U.S. 
at  the  time)  in  fines. 

■  PETER  SAYER,  IDG  NEWS  SERVICE 

EDS  to  Buy  Indian 
Software  Testing  Firm 

BANGALORE,  INDIA 

Electronic Data Systems Corp. last week agreed to acquire RelQ Software Pvt., a Bangalore-based software testing company, for an undisclosed sum.

EDS said it is looking for the privately held firm to improve its applications testing, validation and verification, and quality assurance services.

The deal is expected to close in May. RelQ’s 700 workers in India, the U.K., the U.S. and France are expected to join the EDS global testing organization.

RelQ offers testing of real-time and embedded applications for clients looking to deploy applications throughout a large organization. The company primarily targets the banking, financial services, telecommunications and consumer electronics industries.

The acquisition is the latest in a series of moves by Plano, Texas-based EDS to strengthen its position in India. EDS last year acquired a majority stake in Indian outsourcer MphasiS BFL Ltd. and then announced plans to merge its own Indian services subsidiary with that company.

■ JOHN RIBEIRO, IDG NEWS SERVICE

LogicaCMG  Opens 
RFID  Test  Lab 

SYDNEY,  AUSTRALIA 

LogicaCMG PLC this month opened an RFID-based warehouse in Sydney that it said will allow businesses to simulate and evaluate radio frequency identification projects.

Its Innovation Warehouse, adapted from a similar LogicaCMG complex in the Netherlands, will simulate warehouse and transport scenarios using forklift, handheld and fixed-mount RFID readers to demonstrate the suitability of the technology, according to the London-based systems integrator.

LogicaCMG Australia CEO Colin Holgate said the company expects that the warehouse will boost RFID adoption in Australia by allowing businesses to experiment with the technology.

■ DARREN PAULI, COMPUTERWORLD AUSTRALIA

Compiled  by  Mike  Bucken. 
Briefly Noted

Serco Group PLC, a Hook, England-based IT services firm, has apologized and agreed to pay any costs resulting from the theft of one of its laptops, which contained sensitive data on more than 16,000 Worcestershire County Council employees in England. The laptop held names, addresses, national insurance and bank account details of current and former municipal employees. Serco is building a new human resources and payroll system for the county.

■ TASH SHIFRIN, COMPUTERWORLD U.K.

The Chinese government last week gave Intel Corp. permission to build a $2.5 billion (U.S.) chip manufacturing plant in Dalian. The plant will produce semiconductors, including microprocessors, according to China’s National Development and Reform Commission. The plant will have a monthly production capacity of 52,000 wafers, it said. An Intel spokesman declined comment on the company’s plans.

■ SUMNER LEMON, IDG NEWS SERVICE

Palm Inc. has announced plans to open a research and development center in Shanghai. Engineers at the facility will work to incorporate local language capabilities into Palm smart phones and to accelerate the delivery of next-generation smart phones to mobile operators, partners and customers worldwide.

■ STEVEN SCHWANKERT, IDG NEWS SERVICE

Qualcomm Inc. and Samsung Venture Investment Corp. have each invested $8 million (U.S.) in Advanced Micro-Fabrication Equipment Inc. (AMEC), a Shanghai-based developer of equipment used to manufacture semiconductors. The investments were part of $43 million in funding raised by AMEC since last October.

■ SUMNER LEMON, IDG NEWS SERVICE

Swisscom AG, Switzerland’s largest telephone company, has offered to buy Italian Internet company Fastweb SpA for €3.7 billion ($4.9 billion U.S.). Fastweb provides fixed-network service to more than 1 million customers in 130 Italian cities. Fastweb acknowledged receiving the offer and said it is interested but has not yet decided whether to accept it.

■ JOHN BLAU, IDG NEWS SERVICE
The Real Champions

WHEN Computerworld’s Eric Lai posted an article about Microsoft’s Most Valuable Professionals summit on our Web site last week, it wasn’t long before accusations that we were pandering to Microsoft began to appear in the story’s Comments section.

“Do you honestly believe that anyone who even demonstrates a small shred of critical thinking is going to buy the garbage in this article?” asked one reader, who called Microsoft an “atrocity unleashed onto the world.” Another reader, whose subject line asked, “Did Microsoft buy Computerworld too?” chided that Lai’s article was written from the perspective of Microsoft’s sales apparatus.

I have no problem with readers expressing those views. For one thing, we’re labeled as Microsoft bashers often enough that being hit from the other side is an indicator of balance in our reporting. I’m also confident that any fair-minded person who reads Lai’s article would agree that it’s a well-reported account of who these MVPs are and what they do, and that it was neither particularly favorable to nor critical of Microsoft. So I suspect that those comments were dismissed by most as tiresome rants from the crowd of all-too-conforming “nonconformists” who see Bill Gates as evil incarnate and Microsoft as his weapon of mass destruction.

I do have a problem with the mean-spirited, personal attacks that some of these people make behind a cloak of anonymity. One comment that painted Lai as a Microsoft toady had to be removed from our site because of vulgar language. Our policy is to contact the person who posted it and explain that it has to be pulled — not because of the opinion expressed, but because of the vulgarity — and we invite him to repost his comment without that language. In this case, we were thwarted by the fact that the person used a fake e-mail address, so we were unable to reach him.

Hiding in the shadows of anonymity is a standard operating procedure of the loose-knit corps of Microsoft haters that thrives on making these mindless, myopic attacks. It’s nothing new — I remember years ago being branded as a “Bill Gates love slave” by an anonymous Linux proponent because I dared to question the sensibility of the cult-like following that Linus Torvalds was attracting.

Now, contrast that approach with the one I wrote about in my editorial last week. I recounted the proceedings of a presentation at our recent Premier 100 IT Leaders Conference, in which Dale Frantz, CIO of Auto Warehousing Co., had the courage to speak out against Microsoft strong-arm tactics that he found so objectionable, he’s looking to convert to an Apple platform. And I wrote of how former Massachusetts CIO Louis Gutierrez spoke candidly about his fight for open office document standards and the equally objectionable lobbying practices Microsoft had engaged in to undermine those efforts.

Who, then, are the real champions of alternatives to Microsoft? These outspoken IT leaders, or the outrageous otherworld?

I’m firmly convinced that Microsoft’s dominance is at least in part attributable to the recklessness and mindlessness of its most vociferous assailants. The more the voice of reason — think Frantz and Gutierrez and, say, Dan Agronow, the CTO who championed The Weather Channel’s adoption of Linux — is drowned out by the perpetual buzz of fanaticism, the less likely it will be that alternatives to Microsoft are given serious consideration.

So here’s a heads up for the person who used that fake e-mail address to state his case: For as long as your way of thinking represents the alternative, the Microsoft you hate so much will continue to win.

DON TENNANT is editor in chief of Computerworld. Contact him at don.tennant@computerworld.com.


LAURIE ORLOV

CIOs Must Transcend Expectations

CIOs, LISTEN UP: Your boss is pleased with the job you’re doing. The trouble is that CEOs don’t expect a whole lot from IT.

A recent survey conducted by Forrester Research found that CEOs are generally satisfied with the role IT plays in the organization. But the study also showed that while they would like IT leadership to drive business innovation or lead process improvement, less than one-third of CEOs really expect IT leadership to be proactive in either area. And more than half of the CEO respondents said they were unimpressed with IT’s ability to track and report on people and equipment assets.

The limited expectations CEOs have of IT leadership threaten to stunt IT’s contributions, resulting in an IT organization that may be averse to taking risks or even rising to the level of visibility. Certainly, some of the burden of guilt lies with CEOs, who must educate themselves about technology and the prospective value IT can deliver to the business. They must demand that CIOs take more of a leadership role in the organization, give the CIO more of a voice on the executive team and in the organization as a whole, and transform themselves into tech-smart executives who can look beyond IT fads to see the real-world technology that underpins the success of firms they admire.

If you are a passive IT executive — one whose CEO is happy but doesn’t think that IT offers leadership in areas of business innovation, process improvement or asset management — you must boost your aspirations for IT’s contribution. A positive initiative from you will drive an increase in your CEO’s expectations of IT.
One thing you can do is strengthen your relationship with other business leaders in the organization.

Here are three steps CIOs can take to do that:

■ If you’re resting on the laurels of the CEO’s low expectations, stand up. If the gap between high satisfaction and low expectations characterizes your company, shake off the lethargy and brainstorm with your staff about what can and should be done differently. Move IT practices and processes to a higher level of maturity and stability, making sure that IT is well connected to business strategy and that business stakeholder relationships are well managed.

■ If you’re doing more than the CEO can see, market it. If part of the gap in the perception of IT leadership is simply ignorance of the impact that IT is having on the business, your first task is to improve communication. Help the CEO understand IT in business terms, mapping recent business improvements to their underlying IT enablers. For example, if an IT project accelerated the speed of servicing a customer, make sure that the boss knows and can speak knowledgeably about it.

■ If the CEO and top executives don’t understand IT, educate them. Get on the agenda of an executive off-site gathering so you can provide an overview of IT’s basic vocabulary and current capabilities — answering any and all questions and brainstorming about future possibilities. If you don’t take on the task of educating the CEO and other executives about the business impact of technology, no one else is likely to pick up the slack.

It is clear that IT and business initiatives and strategies will increasingly have to intertwine and overlap — forging a new business/technology organization and making the boundaries between business and IT more permeable. But to get there, CIOs will have to shatter stigmas associated with IT and forge stronger relationships with the top decision-makers in their organizations.

WANT OUR OPINION?

More columnists and links to archives of previous columns are on our Web site:

www.computerworld.com/columns


READERS’  LETTERS 


Dongles  Won’t  Cure 
All  Password  Woes 

I HAVE TO disagree with Frank Hayes’ assertion that USB dongles are the answer to the problems posed by the traditional password [“Passwords - Why?” Frankly Speaking, Feb. 5]. First, as someone who does some help desk work, I fail to see how each password reset could cost $20. Hayes didn’t explain how he arrived at that figure.

Also, he states that “we’ll have to teach users to treat USB dongles like their car keys.” If we have failed to impress upon users the importance of treating their passwords like their car keys or credit card numbers, how on earth are we going to convince them that their USB dongle is more valuable than their password? Other problems posed by USB dongles: the lack of USB ports on the front of computers, users forgetting their dongles at home (much more expensive than a password reset), users leaving them in their PCs overnight, and the dongle going through the washer and dryer.

Don Spidell
Technical support, Residential Warranty Co., Harrisburg, Pa., admin@donnyspi.com


USB SECURITY dongles are a great idea in theory, but they’re doomed to failure in practice. The problem isn’t that passwords are insecure; it’s that users don’t care about security. They might treat dongles like their car keys, but a lot of people lose their car keys on a regular basis. A sizable portion of users will simply leave their dongles plugged into their work computer’s USB port.

I would argue that biometric security is much better - you can’t misplace your fingerprints or irises - but not without problems. While you can’t hack a fingerprint, you can hack the image of the fingerprint the computer is checking your finger against. And if that biometric data does get hacked (as some of it inevitably will), it would be much harder to change it and prevent further hacking. In other words, biometrics will take identity theft to a whole new level of hassle for the innocent-yet-compromised user.

Aaron Read
Technical director, Cambridge, Mass.


THERE’S A fundamental problem with using something like a USB dongle in place of a password: By inserting a dongle into your computer, you are effectively authorizing your computer to act as you in anything it sees fit to go off and do.

Now, if you could trust your computer to only go off and do those things you asked of it, that would be fine. But in a world full of viruses, just how happy will you be when a virus uses the authorization you gave your machine to transfer money out of your bank account to some secret account in the Third World? As long as your computer isn’t trustworthy, are you willing to grant it the ability to act in your stead without even asking your permission? That’s like presigning all your blank checks.

At the least, any such device should require you to do something that software cannot fake to indicate your agreement. A button on the dongle that must be pushed before it lets your secrets out would be a good start. (And don’t let someone sell you on a dongle with a button that can be read only by software on the computer. That adds nothing.)

Dongles and equivalent devices can be part of a solution to some problems. They are not the solution to all problems - and they are particularly not to be viewed as a solution without first understanding just what the problem actually is.

Jerrold Leichter
White Plains, N.Y., leichter@lrw.com


I MUST DISAGREE with Hayes’ contention that USB keys are better than passwords. It’s much easier to steal a USB key than it is to steal a password.

At my company, we continually reinforce to users that passwords are personal and not to be shared with anyone, period. If a supervisor asks for a user’s password, the user is empowered to say no. We constantly drum into managers’ heads that all they need to do is call IT and we will get them what they need with minimum fuss. If users had USB keys, we would not be as able to control the situation. For the same reasons, we also resist the call for single log-on. With single log-on, all a ne'er-do-well would have to do is steal one password to have access to the user’s entire set of data.

By requiring separate log-ons for the network, e-mail and mainframe access, we more effectively protect our data resources. Inconvenient for the user? Probably. I hear about it every day. But security isn’t convenient. It’s more important than that.

Larry Fugate
Senior PC coordinator, Citizens Equity Federal Credit Union, Peoria, Ill.


Reader  Welcomes 
Dell’s  Linux  News 

EVERY DELL laptop and desktop I've ever purchased or used has had Linux on it, installed by me and configured to use all of the devices’ hardware [“Hey, Dude, Could That Be Linux on Your Dell?” Computerworld.com, Feb. 24]. I usually wipe Windows XP off of these devices (Windows 2000 in a VM works better for me). I would welcome any effort by Dell to improve its product line and let us configure our own computers our way, not necessarily Microsoft’s way. It’s high time Microsoft stopped being the sole-source vendor for operating systems.

Chris Ahlstrom
Principal analyst, ARINC Inc., Charleston, S.C.


One  for  the  Wall 

I HAVE BEEN in IT for over 42 years, and the Feb. 26 IT Mentor column, “25 Time-Tested Truths About IT Support,” by Robert C. Anderson, was one of the best articles I’ve ever seen. Every company should have these up on the wall for all IT personnel to see and require all employees to read many of them.

Steven R. Fisher
Manager, Integration Test Group, Automated Financial Systems, Exton, Pa.


SIM: IT Is Not Just Tech Anymore

FRANK HAYES must not understand what the Society for Information Management is doing in its Future Potential in IT programs [“Time to Reinvent IT,” Frankly Speaking, March 5]. FPIT is about advocacy for the college training that is needed to work in business in America. There will always be IT jobs in America, and there will always be business jobs that will use information management knowledge gained in college programs.

So, as SIM says, the focus is no longer solely on programming skills. Business and project management skills are becoming more important for the IT jobs of the future. According to a recent study released by SIM, only two of the top 10 skills needed are technical.

FPIT is a program created by SIM and Microsoft to educate students and schools on the facts surrounding the IT job market. There is an increasing demand for qualified IT workers in the U.S. and not enough skilled workers to meet the demand of the IT job marketplace.

Perhaps Hayes will join the effort to make sure that the right courses are being offered in American universities and help encourage students to take IT and business courses that will help them to lead America in a fiercely competitive, global marketplace.

John Howland
President, Seattle chapter of SIM, North Bend, Wash.


COMPUTERWORLD welcomes comments from its readers. Letters will be edited for brevity and clarity. They should be addressed to Jamie Eckle, letters editor, Computerworld, PO Box 9171, 1 Speen Street, Framingham, Mass. 01701. Fax: (508) 879-4843. E-mail: letters@computerworld.com. Include an address and phone number for immediate verification.


Keeping Secrets in a WikiBlogTubeSpace World. How IT is offsetting the risk of employees in cyberspace.

IM Confidential. Instant messaging’s security complex.

Opinion: Columnist Mark Hall is angry that CIOs are too timid to tackle the problem of secure messaging.


SPECIAL REPORT

Setting security rules in the new Web world.

EDITOR’S  NOTE 

YOUR EMPLOYEES might be blogging right now, as you read this. Or visiting a wiki site, checking out MySpace or sending instant messages. Best case? Your bright, tech-savvy employees are creating and collaborating. Worst case? Those same employees are unleashing company secrets or damaging your business’s reputation. It’s a conundrum that pits IT security managers and their instinct to protect information against companies’ desire to take full advantage of the newest technologies and attract the best technical minds.

Not surprisingly, response to Web 2.0 is as varied as companies themselves. Financial services firms, banks and other businesses in highly regulated industries tend to ban such online activities outright; others swing the other way, with few restrictions and light oversight.

But, alas, most companies fall somewhere in the sticky middle — trying their best to restrict activities that expose them to undue risk while letting their employees experience the full creative benefits of the Web 2.0 world.

Many organizations are now figuring out how to develop these custom-fit rules. Our exclusive survey of IT executives shows that just over half have already made that first effort, implementing policies to regulate employees’ use of social and networking sites and instant messaging. And of those companies that do have policies in place, 76% prohibit those activities altogether.

Are total bans the right approach? For some, yes, and for others, no. In the following pages, you’ll read stories about companies that have wrestled with that question and, in the process, figured out the policy that works best for them. And as these companies know, it’s not just about applying a technology fix; a big part of the answer is effectively communicating those policies to employees.

In the end, as surely as you have employees, you have Web 2.0 security concerns. There’s no ignoring the issues, and there’s no boilerplate for addressing them, either. But we hope you’ll draw a few policy ideas from the experiences of the organizations profiled in this issue.

Because as Michael Miller, Global Crossing’s vice president of security, says, “If you spend all your time blocking it, people will find ways around it.”


Ellen Fanning is special reports editor at Computerworld. She can be contacted at ellen_fanning@computerworld.com.
Keeping Secrets in a WikiBlogTubeSpace World

Employees are sending more than just words and pictures into cyberspace. Here’s how IT is protecting corporate data. By Mary Brandel

WHEN THE media relations department at Global Crossing Ltd. first started planning a company-sponsored external blog last year, Michael Miller, vice president of security at the telecommunications services provider, made sure he was involved in the conversation.

“The normal reaction for most people in a security organization is, ‘How do we restrict this activity?’ ” he says. “But we wanted to clearly articulate some guidance around blogging in terms of what the employee’s responsibility is, what’s permissible, what isn’t. If you spend all your time blocking it, people will find ways around it.”

Miller’s response strikes at the heart of the corporate debate over how to minimize the security risks opened up by blogging, social networking, video sharing and other interactions that fall under the Web 2.0 umbrella. Companies are wrestling with a multitude of issues, such as whether to restrict employees from blogging on employer-owned equipment, whether to monitor what blogs say, whether to steer blogging activity toward a company-sponsored blog and how to set up parameters around these activities. There’s also the question of whether to open the corporate network to the wild and woolly worlds of MySpace.com, iTunes, Flickr and YouTube.

“Sites like MySpace and YouTube are new ways for companies to get infected by malicious code — viruses or spyware — and other scams,” says Arabella Hallawell, an analyst at Gartner Inc. Examples include the Yamanner worm, which hit Yahoo Mail users, and the Samy and Spaceflash worms, which spread among MySpace users.


Put It in Writing

Does your company have a policy regarding employee participation in sites such as MySpace, posting to blogs or wikis during work hours, or visiting online sites such as YouTube, Pandora and Second Life?

BASE: 113 IT MANAGERS


Just Say No

Does your company ban activities such as posting to blogs or visiting social/networking sites?

BASE: THE 59 RESPONDENTS WHO SAID THEIR COMPANIES HAVE POLICIES REGARDING SOCIAL SITES


Unscrutinized Use

Will your company be working on a policy regarding employee participation in social/networking sites in 2007?

BASE: THE 54 RESPONDENTS WHO WEREN'T SURE OR SAID THEIR COMPANIES DON’T HAVE POLICIES REGARDING SOCIAL SITES


For many, the blogging dilemma comes down to weighing the risks and benefits of spotlighting the company’s intellectual capital — the opinions of its employees — and opening new channels of communication with its customers without inadvertently leaking valuable information into the public sphere.

And loss of trade secrets is only one type of threat, according to Diana McKenzie, chairwoman of the information technology group at law firm Neal, Gerber & Eisenberg LLP in Chicago. Other common problems include co-worker harassment and defamation, securities law violations and intellectual property abuses, such as misuse of copyrights or trademarks.

“It’s not uncommon for employees to not know better and say, ‘We’re going to have great earnings this month,’ during a company’s quiet period,” McKenzie says. She even knows of a blogger who discussed where his employer planned to set up hidden security cameras.

Why Not Institute a Policy?

Companies can avoid legal troubles by creating policies for blogging, but not everyone makes that effort. In an exclusive Computerworld survey of 113 IT managers, just over half of the respondents reported that their companies have policies regarding employee participation in social and networking sites (see charts above).

When setting up a blogging policy, Hallawell says, IT should work with the legal and human resources departments to identify rules that might limit how restrictive the policy can be. For example, she says, some state laws — and some trade union agreements — don’t let companies prevent discussion of political activities or certain workplace safety issues. “Blogging raises many complex and gray issues for companies,” she says.


HOW TO

Guard Corporate Secrets in a Web 2.0 World

There’s no surefire way to completely eliminate the risk of information leakage in a blogging environment. Due diligence requires a multipronged approach involving defense, detection and deterrence.

■ Re-evaluate whether you need to update your antivirus and malicious code protection for Web traffic. Consider a combination approach recommended by Gartner that involves antivirus software, URL filtering, application controls, Web site reputation services and safe search technologies.

■ Establish a blog oversight committee - a group of employee bloggers committed to promoting blogging within the company and making sure that the company's interests are served.

■ Update acceptable-use, ethics, trade-secret and other employee policies to deal with blogs and community sites like MySpace and YouTube.

■ Consider whether to deploy content monitoring and filtering technology, and update your URL filtering tools.


For Miller, pulling together a blogging policy wasn’t difficult. He used Florham Park, N.J.-based Global Crossing’s existing guidelines regarding ethics and acceptable use of technology as a foundation and augmented them to allow for the special considerations of blogging. Particularly relevant were the company’s policies for use of e-mail, “which had a direct parallel to blogging, in terms of confidential information and intellectual property,” Miller says.

Basically, the policy allows all employees to participate in the Web 2.0 community, including posting to blogs and setting up a blog, as long as they follow the guidelines. For instance, bloggers need to identify themselves as representatives of Global Crossing and include disclaimers saying that the views expressed don’t necessarily represent the views of the company.

The policy also includes a section on “doing no harm” that warns against inflammatory posts. “We provide guidance on taking your time and making sure that what you’re posting represents you and what you’re trying to get across,” Miller says. “Don’t post when you’re feeling hot-tempered — stop and cool off.”

The policy is aimed at anyone who chooses to post to a blog or set up his own personal blog, but it also pertains to Global Crossing’s corporate blog, which spotlights six employees, each dealing with a specific issue. “We think there’s value to the corporation in expanding the communication boundaries, but in a way that we’re controlling what’s going on and putting the right measures in place,” Miller says.

[Chart: Growing Problem. Has your organization had security problems related to social/networking sites? Base: 113 IT managers]

Dune Capital Management LP takes a more defensive approach to Web 2.0 security, according to Alphonse Edouard, vice president of IT at the New York-based investment firm. He uses QRadar network security software from Q1 Labs Inc. in Waltham, Mass., to block employees from accessing Web sites such as Plaxo and YouTube during heavy trading times. This is as much a preemptive strike against malicious code as it is a way to prevent overuse of precious network bandwidth, he says.

“When someone’s doing a music download, they’re cutting into the business resource of someone else trying to get market data,” Edouard says. “So we use QRadar to secure our assets and manage resources on the network.”

QRadar monitors which sites employees are visiting and generates flow reports of uploads, downloads and file transfers, as well as how all that activity is affecting bandwidth. This capability also helps Edouard’s team spot problems such as malware attacking the network from within the firewall.

For example, a Trojan horse might enter the network through an e-mail message and establish a secure connection with an outside Web site that results in 100 pop-up ads streaming over the network. Many companies use antivirus software to protect against this, “but you only need one machine compromised, and before you know it, 20 or 30 are compromised by the end of the day,” Edouard says. With QRadar, he can quickly block access to the site when he’s alerted to a suspicious traffic pattern on the network.

Edouard is also cautious about allowing employees to install weather-tracking or search engine tool bars on their workstations. “These add-ins use substantial resources and aren’t really work-related,” he says. “We prefer they use Web-based rather than application-based tools.”

HOW TO NOT BUNGLE YOUR BLOG

opens its doors to the blogosphere, it opens a Pandora's box of potential threats, including defamation suits, securities law violations, misuse of intellectual property and loss of trade secrets.

The most sensible way to counter those threats is to write, publish and uniformly apply a blogging policy, says Gartner analyst Arabella Hallawell. “Companies need to update their acceptable-use, trade-secret and other policies to deal with blogs and community sites, like MySpace and YouTube,” she says.

These companies have well-established blogging policies:

Sun Microsystems Inc.
www.tbray.org/ongoing/When/200x/2004/05/02/Policy

IBM
www.ibm.com/developerworks/blogs/page/jasnell?entry=blogging_ibm

Thomas Nelson Inc.
http://michaelhyatt.blogs.com/workingsmart/2005/03/corporate_blogg.html

Yahoo Inc.
http://jeremy.zawodny.com/yahoo/yahoo-blog-guidelines.pdf

Plaxo Inc.
http://blog.plaxoed.com/?p=41

Hill & Knowlton Inc.
http://blogs.hillandknowlton.com/blogs/mallcook/archive/2005/05/19/279.aspx

The companies above all have sets of core blogging guidelines, although the wording of those guidelines ranges from colorful (Sun) to straightforward (Plaxo). Those basic tenets can be summed up as follows:

■ Don’t divulge trade secrets (or what Sun calls “the recipe for one of our secret sauces”).

■ Protect confidential and proprietary information. IBM, for example, requires bloggers to ask permission to publish someone’s picture or a conversation that was meant to be private.

■ Follow financial laws that forbid discussions about revenue, future product ship dates, pending mergers, alliances, road maps, share price or business performance.

■ Respect copyright and fair use laws.

■ Don’t post anonymously (or, as IBM says, “Be who you are”).

■ Include a disclaimer saying that your views do not necessarily reflect those of your company.

■ Remember that you are legally responsible for your commentary and that bloggers can be held personally liable for any commentary deemed defamatory, obscene, proprietary or libelous.

■ Ask your manager if you have any questions regarding what’s appropriate to include in your blog.

■ Ensure that your blogging doesn’t interfere with your work. Or, as IBM's policy states, “Don’t forget your day job.”

These policies contain some surprises, like reminders to “be interesting,” as well as advice that many of us have heard since elementary school (like “Be nice” and “Spell correctly”). Here’s a look at some of them:

Provide context to your argument. Whether you are posting in praise or criticism, you are encouraged to develop a thoughtful argument that extends well beyond “[Insert name] is cool” or “[Insert name] sucks.” SOURCE: YAHOO

Put a copyright notice on your site in your name (“© 2005. John Smith”). SOURCE: THOMAS NELSON

Be nice. Avoid attacking other individuals or companies. You are welcome to disagree with the company’s leaders, provided your tone is respectful. If in doubt, we suggest that you “sleep on it” before posting to your blog. SOURCE: THOMAS NELSON

Be interesting. Writing is hard work. There’s no point doing it if people don’t read it. SOURCE: SUN

Write what you know. A Solaris architect who publishes rants on marketing strategy or whether Java should be open-sourced has a good chance of being embarrassed by a real expert or of being boring. SOURCE: SUN

Expose your personality. People like to know who is writing what they're reading. But remember, a blog is a public place and you should try to avoid embarrassing your readers or the company. SOURCE: SUN

Quality matters. Use a spell checker. If you're not design-oriented, ask someone who is whether your blog looks decent, and take their advice on how to improve it. SOURCE: SUN

Know your fellow bloggers. The most successful bloggers are those who pay attention to what others are saying about the topics they want to write about and generously reference and link to them. Drop your fellow bloggers a note to introduce yourself and your blog. SOURCE: IBM

Don’t pick fights. Brawls may earn traffic, but nobody wins in the end. Don’t try to settle scores or goad competitors or others into inflammatory debates. SOURCE: IBM

What would your mother say? You will probably be read or heard by people who know you. Post as if everyone you know reads or hears every word. SOURCE: PLAXO

More  Policy  Than  Technology 

Organizations are more likely to use policy rather than technology to control the risks raised by Web 2.0 technologies, particularly blogging, according to Hallawell. For instance, she says, well under 15% of companies scan Web traffic for viruses. That’s mainly because existing antivirus tools tend to cause performance problems and many companies don’t think the threat is very high.

A better option for protecting your network against malicious code from Web 2.0 sites, Hallawell says, is an emerging technology she calls the “secure Web gateway,” which is a combination of antivirus software, URL filtering, application controls, Web reputation services and “safe search” tools.

Tools in the emerging content monitoring and filtering (CMF) category are another option. Companies can use CMF systems to block access to Web sites and scan data streams for predetermined character strings to monitor what employees are posting when using the company network. Other names for this type of tool include content security and enterprise content governance systems, says Mark Rhodes-Ousley, an information security architect and author of Network Security: The Complete Reference (McGraw-Hill Osborne Media, 2003).


Vendors in this category include Tablus Inc., Reconnex Corp., Vontu Inc., Websense Inc.’s Port Authority unit, The Fidelis Group Inc., Vericept Corp. and Clearswift Ltd.

While CMF technology shows promise, it also has limitations, says Rhodes-Ousley. For instance, “blocking access to specific locations is a cumbersome process inevitably punctuated by holes,” he says. And because determining what content to look for is the responsibility of the people configuring the technology, it’s a naturally error-prone effort.

In addition, “keyword searches aren’t going to catch everything,” says Rhodes-Ousley. And while some of these products allow for quarantining certain types of content, a moderator has to sift through everything that’s quarantined, “which is not an easy job,” he says.

Lastly, CMF tools don’t address image-based content. “This technology is a useful part of a comprehensive data leakage prevention effort, but it’s not enough by itself,” Rhodes-Ousley concludes.
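The limits Rhodes-Ousley lists can be measured on a small scale. The Python sketch below is an added example, not code from the article or from any CMF vendor; the watch terms and the sample posts are constructed, except that one sample reuses the quiet-period sentence McKenzie quotes earlier in the article. It shows a keyword scanner quarantining a direct match, missing a paraphrase, holding a harmless post that a moderator would have to clear, and passing an image without inspection.

```python
import re
import unicodedata
from collections import Counter
from dataclasses import dataclass, field

# Constructed watch list: the "predetermined character strings" an
# administrator would configure. These terms are assumptions for the example.
WATCH_TERMS = ("quarterly earnings", "security camera", "pending merger")


@dataclass
class Verdict:
    action: str                       # "allow", "quarantine" or "unscanned"
    matched: list = field(default_factory=list)


def normalize(text: str) -> str:
    """Fold case, Unicode compatibility forms and punctuation/whitespace runs
    so that formatting differences alone do not hide a watch term."""
    folded = unicodedata.normalize("NFKC", text).lower()
    return re.sub(r"[^a-z0-9]+", " ", folded).strip()


def scan_post(body: str, content_type: str = "text/plain") -> Verdict:
    """Return the filtering decision for one outbound post."""
    # Keyword matching only works on text. Images and other binary uploads
    # are not inspected, and the verdict says so instead of reporting "allow".
    if not content_type.startswith("text/"):
        return Verdict("unscanned")
    padded = f" {normalize(body)} "
    # Pad with spaces so terms match on whole-word boundaries only.
    hits = [t for t in WATCH_TERMS if f" {normalize(t)} " in padded]
    return Verdict("quarantine" if hits else "allow", hits)


# Constructed outbound posts: (label, content type, body).
SAMPLE_POSTS = [
    ("direct", "text/plain", "Our Quarterly   Earnings will beat guidance!"),
    ("benign", "text/plain", "Looking forward to the company picnic on Friday."),
    # The sentence quoted in the article: sensitive, but no watch term in it.
    ("paraphrase", "text/plain", "We're going to have great earnings this month"),
    # Harmless commentary that still contains a watch term (moderator workload).
    ("news", "text/html", "<p>Good piece on how firms report quarterly earnings.</p>"),
    ("photo", "image/jpeg", ""),
]


def run_samples() -> dict:
    """Scan every constructed post and return {label: Verdict}."""
    return {label: scan_post(body, ctype) for label, ctype, body in SAMPLE_POSTS}


def summarize(results: dict) -> Counter:
    """Count verdicts so coverage gaps (allow/unscanned) are visible."""
    return Counter(v.action for v in results.values())


if __name__ == "__main__":
    results = run_samples()
    for label, verdict in results.items():
        print(f"{label:10} {verdict.action:10} {verdict.matched}")
    print(dict(summarize(results)))
```

Tracking the "unscanned" count separately from "allow" keeps the image-content gap visible in reports instead of letting it look like clean traffic.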

“This is still an emerging market,” with less than $50 million to $60 million in sales in 2006, says Hallawell. “But we expect more acquisitions in this space by antivirus, e-mail and URL filtering vendors,” she adds.

A  Management  Failure 

The weaknesses of filtering tools aren’t just technological ones, according to Tim Bray, director of Web technologies at Sun Microsystems Inc. They’re also managerial.

“If you think you need filtering technologies to be sure your employees aren’t damaging your reputation, that’s a management problem, not a technology one,” he says. “If employees can’t be trusted, technology is the least of your problems.”

Sun was one of the first companies to institute a blogging policy and claims 2,000 to 3,000 active bloggers among its employees, both on and off the corporate-sponsored blogging site (www.blogs.sun.com). Bray says Sun doesn’t worry too much about malicious code entering the network from Web 2.0 sites because as a Macintosh shop, it’s less vulnerable to viruses.

Bray has maintained his own personal blog since 2003. “One of the reasons why blogs have been so effective in general and extremely so at Sun is that the message has not been homogenized,” he says. “Press releases are not particularly what ordinary people want to read.” Active blogging has also helped the company communicate better with its community of users. “We have much more sensitive antennas than we would without it,” Bray says.

Global Crossing has filtering technology but uses it only when abuse is suspected. The URL filtering system from Secure Computing Corp. in San Jose can track where employees are spending time on the Web. “It’s important to have a policy in place and allow people to get out and participate in the community,” Miller says. “But it’s also important from a security standpoint to have the right tools in place so that if there is misuse, you can go back and take proactive steps to stop it.”

Brandel is a Computerworld contributing writer. You can contact her at marybrandel@verizon.net.
Love it or hate it, instant messaging has potential for security problems. Here’s how to avoid them. By Jennifer McAdams


Celebrity tabloid headlines would scream if the Screen Actors Guild-Producers Pension and Health Plans (SAGPH) suffered an instant messaging breach that spilled sensitive medical information about the nation’s biggest stars. So, like many other organizations, this benefits provider enforces rules to prevent IM from jeopardizing its data security.

Aside from the bulk of financial services corporations, most companies aren’t totally shutting employees out of IM communication in the workplace.

In fact, in an exclusive Computerworld survey of 113 IT managers, 40% said their companies use instant messaging as a sanctioned form of interoffice or intercompany communication.

But while companies are recognizing a plethora of legitimate business uses for the technology, many are moving slowly to incorporate security technologies that drastically reduce IM risks like spyware, virus infiltration, phishing and data compromise — the same vulnerabilities often associated with e-mail. In fact, in a February survey of 192 IT executives by Enterprise Strategy Group Inc., nearly 30% of respondents said they hadn’t deployed any IM security technology.

The  Pain  of  Progress 

Upfront recognition of IM as a powerful business tool also requires upfront employee accountability for its use. Companies embracing corporate IM are controlling its use through guidelines and policies, and IT executives are sorting through a variety of security technologies, such as URL filters, proxy servers, firewalls and stand-alone IM security tools.

“Very few companies can ban IM usage outright,” says Peter Firstbrook, an analyst at Gartner Inc. “It has simply become too valuable a communication tool. However, some enterprises are restricting both the type of IM network employees use and advanced features such as file transfers and gaming.”

HOW TO

Manage Your Security Risk From Instant Messaging

Most organizations aren’t totally shutting employees out of IM communication in the workplace. Experts offer this advice for weighing the risk and implementing security policies:

■ Examine business uses for the technology and weigh trade-offs before deciding to impose an IM ban.

■ Consider including IM in established rules for e-mail usage in the early stages of IM adoption and follow e-mail best practices.

■ Determine upfront whether industry regulations or internal policies mandate IM archiving, and plan accordingly.

■ Immediately suspend IM messages that run afoul of industry regulations, and notify compliance officers or attorneys.

They may be reluctant to curb or ban IM, but companies expect their employees to behave appropriately, says Kevin Donnellan, SAGPH’s assistant CIO. “The most important action enterprises can take in controlling instant messaging use is to ensure employees are using it under prescribed guidelines,” he says.


SAGPH relies on Symantec Corp.’s IM Manager to enforce usage policies. IM Manager provides security and archiving capabilities for several IM functions, such as text messaging, and application and file sharing — including audio and video swaps, which have become common in IM exchanges. SAGPH and other health care organizations must also contend with IM-related compliance and data retention requirements of major statutes such as the Health Insurance Portability and Accountability Act.

Too  Risky 

Meanwhile, another heavily regulated sector has looked long and hard at IM and still isn’t convinced that it’s worth the risk. “The financial services industry has had to focus on this area for a few years now because Securities and Exchange Commission regulations require retention of IM communications for three years,” says Richard Wolf, managing partner at Lexakos LLC, a West Orange, N.J.-based business advisory firm that specializes in compliance and records management.

SEC oversight and those hefty regulations factored heavily into an IM ban at First National Bank of Bosque County in Valley Mills, Texas. “We looked at all the benefits and risks and decided some time ago that the risk far outweighs any benefits we might realize,” says Brent Rickels, a vice president at the bank. “E-mail can do many of the things that IM can accomplish, and there is just too much opportunity for information to leave the institution without approval.”

It seems that organizations either love or hate the idea of IM. “Companies are taking one of two approaches. Either they’re embracing the technology and installing IM-centric security devices, such as proxy servers, or they’re banning IM in the enterprise altogether,” says Robert Hoffer, managing director at San Mateo, Calif.-based NewForth Partners LLC.

The mergers-and-acquisitions advisory services firm relies on IM extensively. “We use IM to manage all of our software engineers in Thailand, Russia and India,” Hoffer says.

Along with using IM internally, NewForth advises and educates clients on the business case for IM. Hoffer offers some tactical advice to companies poised to formally invite IM into the organization. “Purchase an IM proxy server that can be scaled to your needs quickly,” he suggests. “Make sure that your proxy server vendor supports multiple IM networks’ native protocols for file transfer. Always keep in mind that IM is supposed to be ‘instant messaging,’ so don’t implement solutions that try to wrap in e-mail-type interfaces around IM. Let IM be what it is.”

While companies such as NewForth are at peace with IM, Atlanta-based Royal Food Service Co. is among those resolutely opposed to it. “We don’t allow IM at all in our organization,” says Jerry Maze, CIO at the supplier of produce and dairy products. “In addition to the security concerns, we feel IM allows employees to waste a lot of time. We don’t feel it serves any purpose that e-mail can’t serve in our industry.”

Royal uses San Mateo-based ScanSafe Inc.’s IM Security-as-a-Service offering to shut out IM use in the organization. Businesses less opposed to internal IM use, however, can use ScanSafe’s managed IM service to help fight threats such as spam for IM, or “spim.” Like many other IM security products and services now on the market, the ScanSafe service also fortifies accountability by linking screen names to employees.

Vendors selling IM security appliances include Akonix Systems Inc., FaceTime Communications Inc. and iAnywhere Solutions Inc. Meanwhile, some software providers are offering IM security and management services in enterprise suites, such as IBM Lotus Sametime. In addition, some security vendors, such as SonicWall Inc., are incorporating IM control functions in content-security offerings.

Despite the wealth of security technologies now available, IM is still a communications medium that not everyone has embraced. “I find IM very intrusive myself,” Maze acknowledges.

Hence, enterprise IT executives poised to sanction internal IM use will likely find themselves contending with the strong convictions of company officials and regulatory realities that can make it a tough decision.

McAdams is a freelance writer in Vienna, Va. Contact her at JMTechWriter@aol.com.
Handheld electronics travel everywhere in your company, spilling data along the way. Here’s how to plug the holes. By Mary K. Pratt


Fabi Gower saw big threats in small packages.

As vice president of information systems at health care recruiting firm Martin, Fletcher in Irving, Texas, Gower feared that various handheld gadgets could corrupt her network and the data on it.

“When PDAs first became popular, that was the first red flag. That was the ‘Uh-oh, they can plug these right into the computer, and who knows what they’re taking back and forth,’ ” Gower says.

She contemplated using Super Glue to plug up USB ports but resisted taking such a reactionary step. Instead, Gower developed a stronger, more comprehensive security policy that regulates the use of smart phones and tablet computers. Gower also began using Sanctuary Device Control, an application from SecureWave Inc. in Herndon, Va., to prevent unauthorized access to the network. “I feel very, very comfortable that no one can plug in a device [without my being] aware of it,” she says.

Ban  or  Control? 

Workers of all stripes are eagerly embracing handheld electronics, from smart phones and USB drives to MP3 players and portable gaming players. And while not every device has a business use, they all can plug into the corporate network. That means sensitive data can leak out and malware can come in.

It might be tempting to simply lock down all access, but such Draconian actions are rarely required. Rather, security leaders say, executives should weigh the risk of harm to their companies against workers’ need for these miniature devices. They should then develop comprehensive policies about who has access to what data on certain devices and enforce those policies using appropriate technological controls.

“I don’t think it’s realistic to think you can prevent the use of these devices. Companies have to think in terms of controlling them,” says Jonathan G. Gossels, president of SystemExperts Corp., a Sudbury, Mass.-based provider of network security consulting services.

Controlling these devices has some unique challenges. Their size makes them difficult to detect, and they can be easily lost or stolen. They’re also cheap enough for the average worker to own, which means companies are seeing more of these devices, and a greater variety of them, hooked up to their networks.

“We  have  a  sense  we’re  only  seeing 
the  tip  of  the  iceberg.  Because  they’re 
so  small  and  portable,  they’re  always 
under  the  radar,”  says  Kent  Anderson, 
managing director at Network Risk Management LLC in Portland, Ore.,
and a member of the Information Systems and Audit Control Association
(ISACA) Certified Information Security Manager board.

WHAT EXECUTIVES THINK

The wave of handheld and miniature devices has executives worried, according to a survey
conducted by Forrester Consulting and Vontu Inc., a San Francisco provider of data loss
prevention software. Here are some of the results, which were released in January:

95% said data loss prevention is a major priority for 2007.

76% said they're not satisfied with the visibility they have into confidential data being
downloaded to PCs, and 72% named data loss via removable media as their top concern.

52% had lost confidential data through removable media such as USB drives in the
past two years.

40% said they rely mainly on paper-based controls, i.e., written policies given to
employees, to prevent such problems.

86% said data loss prevention is part of their 2007 budget, and 76% said their budget
for data loss prevention is up this year over last.

69% are pursuing endpoint data loss prevention applications, with 44% piloting or
planning to deploy such tools in 2007.

- MARY K. PRATT

SOURCE: AN ONLINE SURVEY OF 151 DECISION-MAKERS AT NORTH AMERICAN COMPANIES
WITH ANNUAL REVENUE OF MORE THAN $200 MILLION

That  explains,  in  part,  why  many 
companies  still  don’t  have  appropriate 
policies  and  controls  in  place. 


HOW TO

Protect Your Data from Mini Device Leaks

One of the biggest threats to network and data security today comes from mini
devices. Ironic? Yes. Insurmountable? No. To deal with this threat, start
with these steps:

* Establish a corporate policy that specifies who can use what devices
under what circumstances.

* Take a look at what you have. Account for corporate-owned devices.
Determine whether workers are using personal devices at work. Evaluate
whether your antivirus software can adequately protect your network from
malware coming from these devices.

* Back up policy with technology. Allow only corporate-owned devices onto
your network. Consider using applications that block nonauthorized access
to USB ports. Implement sound data-protection policies that include
encryption of sensitive data, so if a mini device is lost, the data is not
compromised. If needed, upgrade your software to block malware from mini
devices.


“In  simple  terms,  they’re  behind  the 
curve,” Anderson says. “Most companies
have an awareness [that] there’s a
problem.  They’re  starting  to  see  it,  but 
they’re  at  somewhat  of  a  loss  as  to  what 
to  do  about  it.” 

Like any other IT or business initiative,
a successful strategy for controlling
the use of removable media
requires  thoughtful  planning,  careful 
execution  and  the  right  tools. 

“There’s  actually  a  balance  that  has 
to be considered,” says Rena Mears, national
and global service line leader for
privacy  and  data  protection  at  Deloitte 
&  Touche  LLP  in  New  York. 

Senior  officers  have  to  think  of  the 
company’s data as an asset and consider
what has the highest value, what is
most at risk, what protections are necessary
and who should have access to
what,  Mears  says.  They  have  to  weigh 
all  that  against  the  need  to  conduct 
business  in  an  efficient  manner,  which 
today,  like  it  or  not,  involves  miniature 
mobile  devices,  she  says. 

“You  have  to  balance  the  protection 
and  the  productivity.  You  don’t  want  to 
absolutely  ban  people  from  using  these 
things,” says Bill Boni, corporate information
security officer at Motorola Inc.
in  Schaumburg,  Ill.,  and  international 
vice  president  at  the  ISACA.  Companies 
need  to  “make  risk-based  decisions  that 
are  acceptable  to  them,”  Boni  adds. 

Find  the  Right  Fit 

SystemExperts’ Gossels and Richard Mackey, vice president of consulting
at the company, recommend a multipronged approach. First, develop a
policy that defines what the company considers acceptable use of these
devices. Some companies might decide to limit the use of USB flash drives to
specific machines and workers. Others might decide to disable all USB ports
in highly sensitive environments.

Gossels and Mackey say that companies must then back up their policy
with technical solutions, being sure that their virus scans, for example,
extend to devices plugged into USB ports. They must decide which devices
need password protections and what data needs encryption so the loss or
theft of a PDA or smart phone won’t put confidential information at risk.

Chris  Kashner,  a  desktop  consulting 
specialist  at  Highmark  Blue  Cross  Blue 
Shield  in  Pittsburgh,  has  successfully 
brought such devices into his organization
while protecting network and data
security.  Kashner  started  last  year  by 
looking  at  what  workers  were  plugging 
into  the  network.  The  audit  found  “a  lot 
of  MP3  players  and  more  flash  drives 
than  we  ever  imagined,”  he  says. 

Kashner  then  worked  with  others 
to  develop  companywide  policies  and 
explain  the  new  rules  to  Highmark’s 
13,000 employees. He also implemented
Pointsec Device Protector, which
allows the company to enforce its policies.
For example, flash drives that don’t
belong to Highmark are set to read only.

Moreover, Kashner says that because
Highmark allows only company-purchased
devices, it can enforce its
encryption policies, which means no
data goes out the door unprotected.

Such  measures  take  companies  one 
step  closer  to  the  more  comprehensive 
solution  that  some  experts  advocate: 
protection  that  follows  the  data  itself. 

“The  answer  isn’t  to  try  to  control 
devices.  The  answer  is  to  control  the 
data,” Anderson says. To do that effectively,
he says, companies not only
need  policies  about  the  approved  use  of 
these  devices,  but  also,  more  important, 
data  classification  policies  that  teach 
workers  how  to  properly  recognize, 
classify  and  handle  sensitive  material. 

Jim  Molini,  principal  information 
security  engineer  at  The  Mitre  Corp., 
a  not-for-profit  IT  services  company 
in  McLean,  Va.,  knows  firsthand  why 
that’s  so  important.  He  once  asked  to 
transfer  files  to  a  client’s  system  using  a 
flash drive, but his client said such devices
were prohibited. Instead, Molini had
to put the material on a CD. He wonders,
Was the data — or system — any more
secure by using a CD instead of a flash
drive? Molini says he doubts it, considering
that the CD now contains a permanent
record of the sensitive information.

“We’re  finding  more  and  more  that 
where  the  data  is  located  is  irrelevant,” 
he says. Ultimately, it’s about the protection
of the data, wherever it may reside.


Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  at 
marykpratt@verizon.net. 


[Survey charts not reproduced. Panel titles and questions:
Loose in the Workplace: Does your company have a policy that covers
employees having small devices at work, such as iPods, USB drives or cell
phones with cameras?
Joining the Banned: Are these devices banned at your company?
Policy Decision: Will your company be working on a device policy in 2007?
Small Threat?: Have you had security problems related to these devices?]
lie Conversation

‘Thou shalt not’ is a big turnoff for the Gen Y crowd.
Try a marketing tack instead. By Thomas Hoffman


Having spent 23 years in the information security field, including stints
as chief information security officer at Charles Schwab & Co., Bank
of America Corp. and Volkswagen Credit, Ed Zeitler has learned a
lot about how to convey the importance of information security to employees.

“The  message  has  to  be  short  and 
sweet  and  say  what  it  has  to  say,”  says 
Zeitler, who was recently named executive
director of the International Information
Systems Security Certification
Consortium in Palm Harbor, Fla. “The
less  grand  it  is,  the  better  received  it  is.” 

In  some  of  the  companies  where  he 
has  been  CISO,  Zeitler  and  his  team  have 
put together a “Did you know?” type
of FAQ to draw employee attention to
phone  and  PDA  security.  “It  has  to  be 
entertaining,”  he  says. 

Or  it  has  to  be  memorable,  like  an 
advertisement  that  reads,  “Don’t  think 
your  iPod  is  a  threat?  Guess  again,”  says 
Jon  Miller,  president  of  the  Long  Island 
chapter  of  the  FBI’s  InfraGard  program. 

Zeitler,  Miller  and  other  IT  leaders 
have found that to get the security message
to stick, it’s best to communicate
frequently  with  workers  but  to  vary  the 
technique  and  type  of  medium  used. 

“One  size  does  not  fit  all,  because 
people have different ways of learning
and doing things,” says Howard
Schmidt, former White House cybersecurity
adviser and CISO at Microsoft
Corp.  and  eBay  Inc.  Schmidt  has  since 
founded  R&H  Security  Consulting 
LLC  in  Issaquah,  Wash. 

Information security “is a marketing
campaign,” says Mark Lobel, a
partner at PricewaterhouseCoopers in
New York. As such, he says, IT leaders
should consider who their target audience
is, which channels they should
use  to  convey  messages  and  the  key 
messages  they’re  trying  to  get  across. 

To  assist  with  this,  each  time  he  has 
stepped  in  as  a  corporate  CISO,  Zeitler 
has made it a top priority to add a communications
specialist to his staff.

“I can get more security out of a company by hiring a communications
specialist who’s really sharp than buying a bunch of network security
equipment,” says Zeitler. That’s because communications professionals
understand the audience they’re trying to reach and which marketing
strategies and media will appeal most, he says.

That can be particularly useful for IT executives who might struggle with
how to connect with workers who are 20 or 30 years younger than they are.

HOW TO

Get the Word Out to Your Staff

All the technology in the world can’t keep your information safe if your workers aren’t clued
in to company policies. Here are tips for effectively communicating information
security to workers:

■ Know your audience, and consider the most effective media for getting a
particular message across to different crowds. Baby boomers prefer
straightforward communication, such as well-written memos, while Gen Y
workers prefer messages that are quick and to the point.

■ Use interactive communication techniques, such as video games and
comical multiple-choice quizzes. These can be engaging and let managers
assess the effectiveness of communications.

■ Avoid top-down edicts on corporate security policies, which don’t
resonate well with younger workers. Annual broadcasts aren’t frequent
enough and are quickly forgotten.

■ Try to make newsletters or e-mails colorful. For instance, a set of “Did
you know?” bullet points can be both entertaining and educational.

■ In face-to-face meetings with workers, explain not only what is being
done (for example, desktop encryption), but also why it’s being done. Be
sure to allow employees to ask questions and provide feedback. It not only
helps them feel like their opinions matter, but it also gives managers that
can help them improve policies and operations.

■ Offer workers security-related information that can be applied outside
the workplace, such as the technical risks of sharing iPod songs on a
peer-to-peer level; employees are more likely to pay attention to policies
that also apply in their personal lives.

■ Have a communications specialist or business executive discuss the
importance of information security. This can help convince employees that
the topic is a business issue - and not something they solely equate with IT.

“When we think about the younger generation, they don’t trust a lot of
people, but they do trust their managers,” says Susan Dorflinger, director of
global employee marketing at GE Real Estate in Stamford, Conn. So in addition
to posting security information on the company intranet, sending e-mail blasts
and placing posters in high-traffic areas, GE Real Estate executives also
encourage managers to have frequent face-to-face communication with younger
employees.

To help reinforce the security message,
Dorflinger often attends small department
meetings of 10 to 15 employees
and their managers, “and she may
mention  the  importance  of  not  leaving 
your  BlackBerry  lying  around,”  notes 
Hank  Zupnick,  CIO  at  GE  Real  Estate. 

Although  face-to-face  interactions 
have  worked  well,  say  Dorflinger  and 
Zupnick,  billboard-type  advertisements 
have  also  proved  effective  with  the 
younger  crowd.  “Some  of  our  fliers  don’t 
have  the  standard  computer  images  on 
them,  but  [rather]  images  that  make 
people  stop  and  think,”  such  as  a  banana 
peel  on  the  floor,  says  Dorflinger. 

“We  try  not  to  make  it  look  like  an  IT 
thing,”  agrees  Zupnick,  since  95%  of  GE 
Real  Estate’s  employees  work  outside  of 
the  IT  department. 

At Freddie Mac, the security division relies heavily on the organization’s
intranet to share information with employees, but brown-bag lunches with 20 to
50 people tend to work well when the security team has a specific topic it wants
to reinforce, says John Fox, vice president of data quality and security at the
McLean, Va.-based mortgage purchaser.

For  instance,  Freddie  Mac’s  security 
group  started  a  project  late  last  year  to 
encrypt  all  of  the  company’s  laptops 
and  desktops  —  an  effort  that  would 
eventually touch each of its 5,300 employees,
says Fox. Instead of e-mailing
information about the project to staffers,
the security group held a series of
brown-bag  lunches  to  explain  why  the 
encryption  effort  was  being  done,  what 
it  would  achieve  and  why  everyone’s 
participation  was  essential,  he  says. 

“It’s  a  two-way  engagement,”  says 
Fox.  “We’re  able  to  get  our  message  out, 
but  we  also  get  feedback  on  how  we  do 
the  deployment  of  the  project.  It  gives 
us a more effective way of understanding
what we need to look out for and
keep  the  projects  successful.” 

In addition to receiving information via
face-to-face discussions, twentysomethings
like to get security updates in the
form  of  podcasts  and  webcasts  that  they 
can  download  to  their  mobile  devices 
and  view  at  any  time,  says  Schmidt. 

But  do  they  bother  to  view  it  when 
they  could  be  sending  text  messages  to 
friends?  Absolutely,  says  Schmidt.  “The 
easier  the  company  makes  it  for  them 
to  absorb  something,”  he  says,  “the 
more likely they’ll pay attention to it.”
Six Ways To Stop Data Leaks

A data breach at DuPont offers timely lessons for thwarting insider
threats. By Jaikumar Vijayan


controls for enforcing those policies, Shulman says. For instance, have
controls that issue alerts when someone who might normally work with about
10 documents a day suddenly starts accessing a lot more, he says.
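
The alert Shulman describes (a user who normally works with about 10 documents a day suddenly accessing far more) and the comparison at the heart of the DuPont case in this article (one user far above the next most active user) can both be computed from an access log. The following Python is an added example, not code from the article or from any vendor it names; the log layout, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample of a document-repository access log:
# (day, user, documents opened that day). Names and counts are made up.
ACCESS_LOG = [
    ("2007-03-01", "alice", 9),  ("2007-03-01", "bob", 8),   ("2007-03-01", "carol", 4),
    ("2007-03-02", "alice", 11), ("2007-03-02", "bob", 10),  ("2007-03-02", "carol", 5),
    ("2007-03-03", "alice", 10), ("2007-03-03", "bob", 9),   ("2007-03-03", "carol", 3),
    ("2007-03-04", "alice", 12), ("2007-03-04", "bob", 140), ("2007-03-04", "carol", 6),
    ("2007-03-05", "alice", 10), ("2007-03-05", "bob", 160), ("2007-03-05", "carol", 5),
]


def daily_spikes(log, factor=5, min_history=3):
    """Flag days on which a user opens more than `factor` times the median
    of that user's own earlier days (hypothetical thresholds)."""
    history = defaultdict(list)
    alerts = []
    for day, user, count in sorted(log):
        past = history[user]
        if len(past) >= min_history:
            baseline = median(past)
            if count > factor * max(baseline, 1):
                alerts.append((user, day, count, baseline))
                # Keep the spike out of the baseline so a sustained
                # exfiltration run cannot become the new "normal".
                continue
        past.append(count)
    return alerts


def volume_outlier(log, ratio=5):
    """Compare the most active user with the next most active one over the
    whole period. Returns (user, total, runner_up_total) or None."""
    totals = defaultdict(int)
    for _day, user, count in log:
        totals[user] += count
    ranked = sorted(totals.items(), key=lambda item: item[1], reverse=True)
    if len(ranked) < 2:
        return None
    (top_user, top_total), (_, next_total) = ranked[0], ranked[1]
    if top_total >= ratio * max(next_total, 1):
        return (top_user, top_total, next_total)
    return None


if __name__ == "__main__":
    for user, day, count, baseline in daily_spikes(ACCESS_LOG):
        print(f"ALERT {day}: {user} opened {count} documents (baseline {baseline})")
    outlier = volume_outlier(ACCESS_LOG)
    if outlier:
        print("ALERT: %s opened %d documents; next most active user opened %d" % outlier)
```

The per-user baseline catches the change on the day it happens, while the peer comparison catches a user whose volume was high from the start and so never "spikes".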

Making  access  control  decisions  on 
an  “insider  vs.  outsider”  basis  is  overly 
simplistic,  says  Matt  Kesner,  CTO 
at  Fenwick  &  West  LLC,  a  Mountain 
View,  Calif.-based  law  firm.  Sometimes 
an  outsider  may  legitimately  need  equal 
or  greater  access  to  internal  assets  than 
what an insider would need. For example,
Fenwick & West’s client extranets
are used by clients to collaborate with
the firm’s attorneys, Kesner says, noting
that external users are sometimes
“more  interested  in  our  data”  than 
insiders. 


DURING  THE  FIVE  MONTHS  when  Gary  Min 
was  stealing  $400  million  worth  of 
proprietary  information  from  a  DuPont 
database,  he  downloaded  and  accessed 
more  than  15  times  as  many  documents 
as the next most active user of the system.
But he wasn’t caught until after he
left  the  company  for  a  rival  firm. 

Min  pleaded  guilty  last  November 
to  misappropriating  DuPont  data  and 
is  scheduled  to  be  sentenced  on  March 
29. His case is only the latest to highlight
a lack of internal controls at many
companies for dealing with insider
threats. In February, a cell development
technologist at battery maker
Duracell  admitted  to  stealing  research 
related  to  the  company’s  AA  batteries, 
e-mailing  the  information  to  his  home 
computer  and  then  sending  it  to  two 
Duracell  rivals. 

Dealing with such risks can be challenging, especially in large
corporations, says Tom Bowers, former manager of information security
operations for the global security division of Wyeth Pharmaceuticals Inc.

“I am not at all surprised” about what happened at DuPont, says Bowers,
who is now managing director at Security Constructs LLC, a Fleetwood,
Pa.-based consultancy. “When you have a huge multinational like that,
your security department is never really going to fully have any realistic
idea of where or how the information is flowing,” he says.

But  there  are  ways  to  mitigate  the 
risks  and  keep  track  of  what’s  going  on 
inside the firewall. Experts suggest taking
the following steps:


1 GET A HANDLE ON THE DATA. It’s impossible to set controls for sensitive
and proprietary information on your network if you don’t even
know where that data is.

An  organization’s  sensitive  data 
is  widely  distributed  throughout  its 
network,  says  Eric  Ogren,  an  analyst 
at  Enterprise  Strategy  Group  Inc.  in 
Milford,  Mass.  Important  data  resides 
not  just  in  databases,  but  also  in  e-mail 
messages,  on  individual  PCs  and  as 
data  objects  in  Web  portals.  Sensitive 
information  also  comes  in  many  forms, 
including credit card and Social Security
numbers. And trade secrets can be
found  in  many  types  of  documents  and 
files,  such  as  customer  contracts  and 
agreements  and  product  development 
specifications,  Ogren  says. 

Implementing one set of controls for all data types can be inefficient and
impractical. Instead, categorize data and choose the most appropriate set of
controls for each data class. Tools that automatically scan company networks
and identify where sensitive data resides are available from vendors such as
Reconnex Inc., Tablus Inc. and Websense Inc., and such products are growing
in number. Many of these tools can be used to separate data into different
categories based on policies defined by a company.


2 MONITOR CONTENT IN MOTION. As companies Web-enable their businesses and
link up with networks belonging to partners, suppliers and customers, it is
vital to keep track of what’s flowing over those networks.


Content monitoring was a core “foundation
piece” for Wyeth’s data protection
strategy, Bowers says. With so
many  network  “egress  points”  for  data, 
it  is  vital  to  be  able  to  monitor  network 
traffic,  he  says. 

Vendors such as Vericept Corp., Vontu Inc., Oakley Networks Inc.,
Reconnex and Websense all sell products that inspect e-mail, instant
messaging and peer-to-peer file-sharing systems, as well as Web postings
and FTP sites, for data that may be exiting a network in violation of
company policies. The tools sit near network gateways and are designed to
issue alerts when they find suspicious data packets. Many of the products
can also be used to enforce actions such as blocking data or encrypting it
when it leaves the network.

Such  content-filtering  tools  allowed 
Wyeth to “look at everything coming
in and going out of our networks,”
Bowers  says.  “We  monitored  all  ports 
and  all  protocols  for  content.” 


3 KEEP AN EYE ON DATABASES, WHICH CAN CONTAIN A COMPANY’S INFORMATIONAL
CROWN JEWELS. You should know not only who’s accessing databases, but also
when, where, how and why they’re doing so. Database monitoring tools that
are designed to allow companies to monitor database access and activity are
available from companies such as Imperva Inc., Guardium Inc., Application
Security Inc. and Lumigent Technologies Inc. Such products are designed to
keep an eye on what users and administrators are doing with their access
privileges and either prevent certain actions — such as modifying, copying,
deleting or downloading large sets of files — or send out alerts when
someone attempts one of those actions. They also can provide clear audit
trails that track when people try to act outside of corporate policy.

Encrypting sensitive data in databases
is another measure companies
should  consider,  if  they  haven’t  done  so 
already. 


4 LIMIT USER PRIVILEGES. Most companies give employees far more access
than they really need, says Amichai Shulman, chief technology officer at
Imperva. Monitoring user access to mission-critical data and detecting
unauthorized access to high-risk data are key steps to take.

Create  access  policies  that  limit 
users’  network  privileges  strictly  to 
what  is  required  for  their  jobs,  and  set 


5 COVER THOSE ENDPOINTS. The proliferation of portable devices, such as
laptops and handhelds, and removable media, such as USB memory sticks and
iPods, makes it easier than ever for rogue insiders to walk away with gobs
of corporate data. Companies must develop measures for centrally
controlling and monitoring which devices can be attached to corporate
networks and systems and what data can be downloaded, uploaded and stored
on them. Doing that can be a challenge, but several tools are becoming
available that promise to make the task easier, including products from
Code Green Networks Inc., ControlGuard Inc. and SecureWave SA.

“When  it  comes  right  down  to  it, 
very  few  companies  have  put  in  place 
effective  controls  that  enable  them  to 
monitor  internal  systems  closely  and 
allow  them  to  follow  the  movement 
of  data”  on  their  networks,  says  Alex 
Bakman,  CEO  of  Ecora  Software  Corp. 
That  means  breaches  can  go  unnoticed 
for  long  periods  of  time,  he  says. 


6 CENTRALIZE YOUR INTELLECTUAL PROPERTY DATA. It’s not feasible for a large
company to protect intellectual property scattered in multiple systems,
says Ira Winkler, an independent security consultant and a
Computerworld.com columnist. Therefore, storing intellectual property data
in a centralized document library system whenever possible makes for better
security and information sharing, he says.

“Normally  ‘putting  all  your  eggs  into 
one  basket’  has  a  negative  connotation,” 
Winkler  says.  But  in  this  case,  he  says, 
it’s  easier  to  protect  one  system  than  it 
is to protect numerous systems.
Snapshots

With Malice

The top 10 threats to enterprise security:

 1  Trojans, viruses, worms and other malicious code
 2  Spyware
 3  Spam
 4  Employee error (unintentional)
 5  Hackers
 6  Application vulnerabilities
 7  Data stolen by an employee or business partner
 8  Deployment of new technology
 9  Wireless LANs
10  Insider sabotage

The Big Boys

The top 10 vendors, by 2005 worldwide security products revenue:

 1  Symantec Corp.                            $2.4B
 2  Cisco Systems Inc.                        $1.6B
 3  McAfee Inc.                               $958.5M
 4  CA Inc.                                   $698.7M
 5  Trend Micro Inc.                          $621.9M
 6  Check Point Software Technologies Inc.    $531.5M
 7  Juniper Networks Inc.
 8  IBM                                       $352.9M
 9  Microsoft Corp.                           $3G6.2M
10  RSA Security Inc.                         $292M

Steady Climb

Worldwide security products and services revenue forecast: [chart not reproduced]

Shred Your Bits For Safety’s Sake

Jeff Jonas, chief scientist and distinguished engineer at IBM’s Entity
Analytic Solutions group, has developed a means of sharing corporate
data without revealing what that data contains.

This technology, called anonymization, effectively “shreds” information,
making it possible for companies to share information about their
customers with governments or other companies without giving
away any personal data. Jonas believes that over time, companies
will increasingly use anonymization to defend their data — and
corporate well-being — from competitors and identity thieves.

Jonas  recently  sat  down  with 
IDG  News  Service’s  Sumner  Lemon  in 
Singapore  to  discuss  anonymization  and 
how  protecting  customer  privacy  will 
make  businesses  more  competitive. 

How does anonymization work?

Normally, somebody with data encrypts it, and then they transfer it. Then,
the recipient decrypts the data to use it. But while it’s in transit — in
flight — it’s encrypted. Cryptographers have invented math that allows you
to shred something and then unshred it, encrypt it and then decrypt it.

Part  of  cryptography  is  something 
else  that  creates  digital  signatures. 
Smart math people have invented algorithms
that are called one-way hashes.
It looks like encryption because you
put in data and what comes out is not
readable to humans. But there’s no way
to take what came out and take the
math and run it backwards and get the
input value. That’s why I use the example
of a pig and a sausage. If I give you
the  sausage  and  the  grinder,  you  can’t 
go  backwards  and  make  a  pig. 

I  took  advantage  of  something  that 
someone  else  has  made,  and  I  used  it  in 
a  slightly  different  way  for  a  new  result. 

In effect, the process of anonymization creates digital signatures of
information that can be compared against other signatures for possible
matches. At the same time, the signatures cannot be used to recreate the
original data.

Normally, I have data and you have data, and we want to figure
out what our data means together. But I don’t want to give you mine, and you
don’t want to give me yours. This is why information sharing will fail:
Everyone wants to be the recipient.

Sometimes  a  government 
may  pass  a  law  that  says  I,  as  a 
company,  have  to  give  you  my 
data.  Maybe  you  have  a  watch 
list,  and  you  don’t  want  me  to  see 
it. That’s how I ended up creating
this. I was getting ready to
take  my  kids  on  a  cruise.  I  made 
the  reservations  and  then  saw 
in  a  newspaper  that  there  was  a 
threat  against  Port  Canaveral,  Fla.,  from 
terrorist  scuba  divers.  I  was  thinking, 
“Oh  no,  I’m  taking  my  kids  on  a  cruise.” 

The U.S. government has this really cool, big list of bad guys. They
don’t send it to the cruise line. And the cruise line has all these
reservations, and they don’t send it all to the government. You could take
10 bad guys, [and] they could just sneak across the border, use their real
names and get on the cruise ship. That was the tension point.
All of the work I had done prior allows an organization to share data with
itself. What happens if you want to share
data  across  two  organizations  and  only 
find  things  in  common?  How  would 
you  do  that? 

In the past, you’ve noted that personal information will get more valuable
over time. Where is the incentive for companies to make anonymization of
data a common practice?

Well, this is my theory. The pressures to an organization, every
time it makes a copy of its data and sends it someplace else, [is that] the
risk of someone stealing it grows. It’s now twice as hard to protect,
because you’ve just made a copy. You think it’s hard to protect this copy,
but now you have two copies. Then you make another copy and send it to a
database marketing company — now there are three copies. That creates real
stress for an enterprise that’s trying to manage their data.

The incentive for a company to use anonymization then becomes protection of
its own resources, rather than defending the privacy of customers?

Right. Corporations spend more time trying to be competitive than
protecting privacy. If they spent all their time protecting privacy, they
couldn’t become more competitive — they would become nonexistent. I spend
40% of my time now working on privacy and civil liberties. You’re right on
the crux of this point: How do you create things that companies want to
deploy, that make them more competitive and are good for privacy at the
same time? Consumers traded privacy left and right for convenience.

And there’s no way to get it back at this point.

Yeah. The toothpaste is out of the tube. Companies don’t just say they want to spend money on privacy. They don’t, and I don’t see that as a trend. You have to create something that can make them more competitive. Corporations are very risk-averse. The notion of losing all their customer data — either to a competitor or identity thieves — and then having to make a public announcement that they lost all of their banking data or all of their medical data, it can destroy their entire brand.

If you can show them how to be more competitive and at the same time reduce their risk exposure, then you are taking them on a journey, like in the case of anonymization, that is more responsible than not.

It’s a very new thing to be able to analyze data after it’s been shredded. I am trying to teach the technique, and I’ve heard other companies have announced they’re going to create products like that, which is really good. There’s a growing number of people using anonymization, and I think the wave is coming.
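One way two organizations can find only the records they have in common without exchanging the raw lists, as an added example that is not from the interview or from any product it mentions: each side converts its records to keyed one-way tokens (HMAC-SHA-256, an assumed choice of technique) and only the tokens are compared. The key, the record layout and the sample names are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample data: (local record id, name, date of birth).
WATCH_LIST = [
    ("W1", "José Ramírez", "1970-03-14"),
    ("W2", "Ann Lee", "1982-11-02"),
]
RESERVATIONS = [
    ("R1", "RAMIREZ, JOSE", "1970/03/14"),  # same person, different formatting
    ("R2", "Mary Smith", "1990-01-01"),
    ("R3", "Lee, Ann", "1982-11-03"),       # same name, different birth date
]

# Assumption: both parties obtain this key out of band (or a trusted
# intermediary applies it). Whoever compares the tokens does not need it.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def normalize(name: str, dob: str) -> bytes:
    """Canonicalize a (name, date of birth) pair so formatting variants match.

    One-way tokens only match on byte-identical input, so all cleanup has to
    happen before hashing: accents, case, punctuation and token order.
    """
    decomposed = unicodedata.normalize("NFKD", name)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    spaced = "".join(c if c.isalnum() else " " for c in plain.lower())
    tokens = sorted(spaced.split())            # "Doe, John" == "John Doe"
    digits = "".join(c for c in dob if c.isdigit())  # YYYYMMDD, any separators
    return (" ".join(tokens) + "|" + digits).encode("utf-8")


def anonymize(records, key: bytes) -> dict:
    """Replace each record with a keyed one-way token.

    Returns {token: local record id}. A plain unkeyed hash would let anyone
    holding the tokens test guessed names against them; the key restricts
    that ability to parties who hold it.
    """
    out = {}
    for rec_id, name, dob in records:
        token = hmac.new(key, normalize(name, dob), hashlib.sha256).hexdigest()
        out[token] = rec_id
    return out


def match(tokens_a: dict, tokens_b: dict) -> list:
    """Compare tokens only and return (id_a, id_b) pairs held by both sides."""
    common = tokens_a.keys() & tokens_b.keys()
    return sorted((tokens_a[t], tokens_b[t]) for t in common)


if __name__ == "__main__":
    gov = anonymize(WATCH_LIST, SHARED_KEY)
    cruise = anonymize(RESERVATIONS, SHARED_KEY)
    # Each side learns only which of its own record ids matched.
    print(match(gov, cruise))
```

Records that do not match stay opaque to the other side; each organization follows up on a hit using its own record id.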


Snapshots

[Survey charts; data not recoverable. Panels: “IM Nation: Does your company use instant messaging as a sanctioned form of interoffice or intercompany communication?”; “Half On Board: Does your company have a policy that covers employees’ use of instant messaging?”; “Business Basic: What type of IM do you use?” Base: the 45 respondents who said their companies use IM. Source: exclusive Computerworld survey, February 2007.]


MARK HALL

Get Serious

When CIOs stop buying computers that lack public-key encryption tools, that’s when companies will begin to get serious about data protection. When CIOs start using encryption communications services that permit only messages to and from whitelisted sources, that’s when IT management will be seen as serious about securing business information. Until then, IT executives are merely pretending to defend their companies and their people.


It’s up to CIOs to take the lead in this, and I’m flummoxed as to why the top IT leaders at the biggest and best companies are afraid to tackle the issue head-on. When the big manufacturers latched onto the notion of electronic data interchange, suppliers around the world had to adopt the technology or lose business. When Wal-Mart demanded that its suppliers use RFID, companies raced to see who could get there first. But to date, no big IT organization has told its stakeholders that henceforth all communications will be secure, meaning “use encryption and get on our whitelist or get lost.”

It’s time for CIOs to stop dillydallying with Band-Aid solutions like “endpoint” security and arguing about the finer points of agent or agentless approaches. The only serious issues to debate revolve around encryption key management and which encryption services to use. Stop yakking. Act.

Our messaging systems, thanks to the Internet and mobility, are in dire straits because of malware. Take viruses. Chinese antivirus firm Rising reports that last year, 234,211 new viruses appeared in China alone, with 90% of them designed to steal information from users. Postini (whose service Computerworld uses to filter its considerable malware and spam) reports that in December 2006, 94% of all e-mail sent was spam. The 2007 Postini Intelligence Report goes on to fret that the existence of botnets, which are hiding behind more than 1 million IP addresses, “threatens the viability of e-mail as a productive business tool.” And the overhead for processing mail leapt 334% in 2006 because of tricks such as image-based spam, says Postini. In effect, the IT resources needed to deal with evil e-mail tripled last year, while fewer than one in 10 of the messages was worth receiving.

If you think the big IT vendors fully grasp the problem, think again. In 2004, Bill Gates told the World Economic Forum that spam would cease to be a problem. “Two years from now, spam will be solved,” he said. Not quite. Vendors won’t solve this problem. You will, by taking the lead to accept only encrypted messages from known entities on your whitelist.

Here’s how you do it. First, jettison the snail-mail mentality that believes electronic messages should be treated exactly like communications handled by various nations’ post offices, which endeavor to deliver all letters and packages to any address on their countless mail routes. Certainly, such a system made complete sense during the Age of Enlightenment, when postal networks emerged in the West. And it still serves us extremely well today. But e-mail, instant messages, text messages and the like aren’t the same. Just because someone gets your Internet address, there’s no earthly reason to assume that person has the right to deliver something to your PC in-box without your approval, especially when the contents of so many messages contain programs designed to waste your time, destroy your data, steal your identity or rob you blind.

Second, IT should encrypt all messages going out of the company and accept only encrypted communications from sources that it subscribes to, using a publish-and-subscribe model between the organization and outsiders. There are numerous companies — Hush Communications, Lux Scientiae, Microsoft and PGP, to name a few — that offer encryption products and/or services and will gladly provide publish-and-subscribe-style communications.

Third, you will need to plan for transition problems. Companies and people with whom you now communicate in clear text freely over the Internet will complain about having to subscribe to your whitelist and add encryption tools to their organizations. You’ll need to tell people that effective security is now part of the cost of doing business with your company, just as you did when people started whining about EDI and RFID. Naturally, you will need to develop business processes to let people in your organization add their friends and family members to the whitelist and get them accounts on public encryption services. Those are minor details.

The big win will be in security. Think about it: If all your communications are encrypted, and you manage the keys and only those on your whitelist can get through, malware will wither and die. That’s serious security.
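The acceptance rule the column proposes (only encrypted messages, only from whitelisted senders), written as an inbound mail-gateway check; this is an added example, not code from the column or from any vendor it names. The whitelist addresses and sample messages are constructed, and the check inspects MIME structure only (PGP/MIME per RFC 3156, S/MIME enveloped data), on the assumption that sender authentication, for example signature verification against the key a subscriber registered, happens in a separate step.

```python
import email
import email.policy
from email.utils import parseaddr

# Constructed whitelist of subscribed correspondents.
WHITELIST = {"orders@supplier.example", "ap@partner.example"}

# Constructed sample messages (ciphertext bodies replaced by placeholders).
PGP_FROM_SUPPLIER = (
    b"From: Orders <Orders@Supplier.example>\n"
    b"To: buyer@corp.example\n"
    b"Subject: PO 1001\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";\n'
    b' boundary="b1"\n'
    b"\n"
    b"--b1\n"
    b"Content-Type: application/pgp-encrypted\n\nVersion: 1\n"
    b"--b1\n"
    b"Content-Type: application/octet-stream\n\n(ciphertext placeholder)\n"
    b"--b1--\n"
)
CLEARTEXT_FROM_SUPPLIER = (
    b"From: orders@supplier.example\n"
    b"To: buyer@corp.example\n"
    b"Subject: PO 1002\n"
    b"Content-Type: text/plain\n"
    b"\n"
    b"Please see the attached invoice.\n"
)
SMIME_FROM_STRANGER = (
    b"From: stranger@unknown.example\n"
    b"To: buyer@corp.example\n"
    b"Subject: hello\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    b"Content-Transfer-Encoding: base64\n"
    b"\n"
    b"(ciphertext placeholder)\n"
)


def is_encrypted(msg) -> bool:
    """True if the top-level MIME type declares an encrypted container."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME, RFC 3156
        return str(msg.get_param("protocol", "")).lower() == "application/pgp-encrypted"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):  # S/MIME
        kind = str(msg.get_param("smime-type", "")).lower()
        return kind in ("enveloped-data", "authenveloped-data")
    return False


def evaluate(raw: bytes, whitelist=WHITELIST):
    """Return (decision, reason) for one inbound message.

    Assumption: the From address has already been authenticated upstream.
    This function applies only the two policy tests from the column.
    """
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if not sender:
        return ("reject", "no parsable sender")
    if sender not in whitelist:
        return ("reject", "sender not on whitelist")
    if not is_encrypted(msg):
        return ("reject", "cleartext from whitelisted sender")
    return ("accept", "encrypted message from whitelisted sender")


if __name__ == "__main__":
    for name, raw in [("pgp", PGP_FROM_SUPPLIER),
                      ("clear", CLEARTEXT_FROM_SUPPLIER),
                      ("smime", SMIME_FROM_STRANGER)]:
        print(name, evaluate(raw))
```

The distinct reject reasons are what make the transition workable: cleartext from a subscribed partner can be bounced with enrollment instructions, while mail from unknown senders is simply dropped.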


Oracle Unveils Governance, Risk Management Tools

Promises to monitor compliance with rules such as the Sarbanes-Oxley Act

BY  MARC  L.  SONGINI 

Oracle Corp. has rolled out a new set of applications that it says can help IT managers implement corporate risk management and financial reporting compliance procedures.

The new Oracle Governance, Risk and Compliance (GRC) suite combines business intelligence capabilities in some Oracle-developed products with the compliance management and enterprise content management tools Oracle gained with its acquisition of Stellent Inc. last November, the company said.

Aaron Sager, manager of business systems at ViaSat Inc., a Carlsbad, Calif.-based provider of satellite and wireless communications equipment, said he intends to use the tools to better automate his company’s efforts to comply with the Sarbanes-Oxley Act.

ViaSat currently uses the Oracle Internal Controls Manager in E-Business Suite 11i to ensure compliance with federal requirements for creating corporate financial controls, Sager explained. The company uses the Internal Controls Manager to support documentation and compliance procedures, he said.

Playing  by  the  Rules 

Sager said he hopes that the GRC Application Configuration Controls module can be used to establish a set of rules and then ensure that they are enforced. The tool promises to send out alerts if the rules are violated, he said.

For example, Sager said, ViaSat could have an accounts-payable policy for transactions dictating that a purchase order be within a predetermined percentage of the amount of the invoice. If someone were to change this policy, an alert would be sent to the appropriate employee and the change prevented, he explained.

ViaSat plans to start rolling out the new Oracle software later this year.

The Oracle GRC suite of tools expands considerably on the compliance support capabilities in the company’s E-Business Suite 11i software by supporting both Oracle and non-Oracle business applications, according to Folia Grace, vice president of applications marketing.

The suite, unveiled earlier this month, includes Oracle Fusion GRC Intelligence, which provides an out-of-the-box dashboard along with reporting capabilities.

It also includes the Oracle GRC Manager, which monitors business risks, automatically highlights potential weaknesses and initiates corrective actions.

In addition, the suite includes the Application Configuration Controls tool, which is designed to monitor 500 control processes in the Oracle E-Business Suite and help enforce corporate policies, the company said.

Michael Rasmussen, an analyst at Cambridge, Mass.-based Forrester Research Inc., said the new offering includes a comprehensive and sophisticated set of tools that support international reporting rules and complete risk-management processes.

All products in the GRC suite will be available later this year. Pricing starts at $995 per user.


Continued  from  page  1 

J-SOX 

— nobody really knows” the specific requirements yet, said Michael Pellegrino, vice president of IT at Fuji Photo Film U.S.A. Inc., a Valhalla, N.Y.-based subsidiary of Tokyo-based Fujifilm Corp.

As the largest of Fujifilm’s 12 North American subsidiaries, Pellegrino’s group is following the lead of its parent firm’s IT operations on what steps it should take to document its IT controls.

Pellegrino noted that as part of its due-diligence efforts, his company is already creating a “matrix” of all its hardware, the IP addresses for those machines and the software that runs on them.

He said that his organization expects to document the controls it has in place for several IT processes that could affect the company’s financial activities. Among them are those related to the procurement and development of software applications, the procurement and development of IT infrastructure, the deployment and testing of IT, and the management of third-party IT services.

Sarb-Ox  Lessons  Learned 

J-SOX, officially known as the Financial Instruments and Exchange Law, is scheduled to go into effect in April 2008 for roughly 3,800 companies listed in Japan, along with their foreign subsidiaries.

Japan’s Financial Services Agency — similar to the U.S. Securities and Exchange Commission — moved to create J-SOX laws following accounting scandals involving companies such as Seibu Railway Co., Livedoor Co. and the Murakami Fund.

Marios Damianides, an IT risk management consultant and partner at Ernst & Young LLP in New York, said he expects that the relaxation of some Sarbanes-Oxley requirements by the Public Company Accounting Oversight Board in the U.S. late last year should help ensure that the J-SOX rules won’t be excessive for businesses.

The lessons learned from U.S. companies’ Sarbanes-Oxley efforts will lead Japan’s Financial Services Agency to “soften J-SOX [requirements] a little bit,” said Damianides, a former international president of the Information Systems Audit and Control Association.

As part of its effort to meet J-SOX requirements, Tokyo Electron Ltd. is revising its security and IT policies “to conform with what J-SOX is going to look like,” said Russ Finney, CIO at Tokyo Electron America Inc. in Austin. “It’s going to be a lot of work.”

[Caption: “We’re working hard on the things we know about. As soon as J-SOX gets approved, we’ll be an early adopter,” says Tokyo Electron’s Russ Finney.]

[Pull quote: “This is just like the early stages of Sarbanes-Oxley - nobody really knows [the specific requirements].” Michael Pellegrino, vice president of IT, Fuji Photo Film U.S.A. Inc.]

That work will involve tracking and monitoring the company’s global IT systems, as well as documenting the security safeguards it has in place for each of those systems, said Finney.

“I would anticipate that we’d be in good shape” regarding IT asset tracking, since Tokyo Electron already does that, said Finney.

But, like Fuji Photo’s Pellegrino, Finney and his IT team in Austin can only address the J-SOX requirements that have been made clear by Japan’s Financial Services Agency.

“We’re working hard on the things we know about,” said Finney. “As soon as J-SOX gets approved, we’ll be an early adopter.”

Many Japanese companies may have a jump-start in meeting the requirements because IT asset tracking is already commonly practiced by most businesses in the country, said Masafumi Tanabu, a partner at Tokyo-based KPMG AZSA & Co. The firm is helping its accounting customers comply with the regulatory framework.

In Japan, companies must denote individual assets, such as servers and desktop machines, in their accounting records and expense those assets in order to receive tax benefits for them, Tanabu noted.
HP 4 No More?

What now for the Hewlett-Packard Four? You’ve already seen the headlines: Last week, a Silicon Valley judge dropped all charges against former HP Chairwoman Patricia Dunn and three other defendants in the HP pretexting scandal, in which news reporters and HP board members were spied on and impersonated as part of an ill-conceived effort to stop leaks to the media.

Three of the defendants will each do 96 hours of community service. Dunn, who has cancer, won’t. Case dismissed.

Yes, it does sound like the fix was in. But unwinding this tangled web suggests that maybe it’s not so simple — just sad.


To recap what’s gone before: Last October, the
California attorney general charged Dunn, Kevin
Hunsaker, Ronald DeLia, Matthew Depante and
Bryan Wagner with fraudulently obtaining confidential
records, identity theft, accessing computer
data without authorization, and conspiracy.

The last guy on that list, Wagner, actually did
the pretexting. He was an independent contractor
in Colorado working for Depante, a manager
at a Florida data-brokering company. Depante’s
company was hired by DeLia, who runs a Boston
security outfit that regularly did work for HP.
DeLia reported to Hunsaker, HP’s chief ethics
officer, who reported to Dunn. That’s the daisy
chain of the conspiracy.

In January, Wagner pleaded guilty to federal
charges of conspiracy and wire fraud. The charges
have a minimum sentence of two years in prison,
but the judge may be lenient when Wagner is
sentenced in June, because he’s cooperating with
the feds.

Last week, Depante, DeLia and Hunsaker
tried to plead no contest to reduced charges of
misdemeanor wire fraud. The judge rejected the
pleas and instead proposed that if they made
restitution and did community service
within six months, he’d spike
the charges. The same day, charges
against Dunn were dropped because
of her health problems.

Why  the  very  attractive  deal  now? 

A cynic might notice that the original
felony charges were filed by California
Attorney General Bill Lockyer
during his campaign for state treasurer.
Now, Lockyer has won his election,
former Gov. Jerry Brown is the
new attorney general, and the felony
charges have evaporated.

So is it really over? No. HP has
agreed to pay $14.5 million to settle
a civil suit filed by California. But at least one
other lawsuit, filed against board members by an
HP stockholder in September, is still pending.

And Depante, DeLia and Hunsaker still face
potential federal charges, especially now that
Wagner will testify for the feds. But U.S. Attorney
Kevin Ryan, who turned Wagner, is one of
the eight federal prosecutors recently fired for
what may have been political reasons. Whether
his successor will pursue the case is up in the air.

What about Dunn, who launched this fiasco?
The prosecutor’s office said charges were
dropped not because Dunn was innocent but because
of her health: Since 2000, Dunn has been
treated for breast cancer, skin cancer, ovarian
cancer and a cancerous tumor in her liver.

Then  again,  the  case  against  Dunn  would  be 
exceptionally  hard  to  prove.  There’s  a  paper  trail 
showing  that  everyone  up  to  Hunsaker  knew 
about  the  illegal  pretexting.  (When  told  about  it 
by  e-mail,  ethics  honcho  Hunsaker  responded,  “I 
shouldn’t  have  asked.”) 

But among hundreds of e-mails, reports,
memos and notes turned over to investigators, no
proof has turned up that Dunn knew about the
pretexting. And at least four different
lawyers assured Dunn that everything
being done in her leak investigation
was legal. That’s the sort
of thing that gives juries reasonable
doubt — and prompts prosecutors
to drop charges.

Not so simple as the fix being
in, is it? Just disgusting, nightmarish
and sad — not least for all the
people at HP who wish they’d never
heard of the Hewlett-Packard Four.

And who remember a time when
the names Hewlett and Packard
stood for something very different
in Silicon Valley.


FRANK HAYES, Computerworld’s senior news columnist,
has covered IT for more than 20 years.
Contact him at frank.hayes@computerworld.com.


SHARK TANK

Complaint Department

Sysadmin pilot fish gets to the office on Monday
morning and finds a few voice mails from users complaining
that they can’t connect to the server. Sure
enough, the system has been down since 2:30 a.m.
Saturday. Fish reboots it, but an hour later, the president
comes in and proceeds to chew him out. “There
should be a procedure in place for when the systems
go down on the weekends,” president says. “There
were five of us in on Saturday, and we couldn’t get on
the system.” Did anyone try calling any of the IT staff
at home? fish asks. “No,” roars president. “You’re
supposed to know when it’s down!”

Road Trip

User in a remote office 85 miles away calls IT tech,
complaining that the tool bar on her Windows desktop
is gone. “The tech attempted to help her by phone,
but nothing they tried would redisplay the tool bar,”
says a pilot fish on the scene. “Upon arrival at her office,
he found her monitor sporting a brand-new
magnifier/antiglare screen. You guessed it: The magnifier
is just a tad smaller than her monitor. The missing
tool bar was found behind its lower frame. At least it
was a nice day for a 170-mile drive.”

Enlightenment

IT operations pilot fish gets a message from a
district manager who says one of the networked
color security cameras is only showing images in
black and white. “I dial into that location and check
out the problem camera,” fish reports. “Camera is
in color and appears to be fine. I then recheck the
e-mail. Sure enough, it was sent before 7 a.m. - well
before the building is opened for business and the
lights inside the warehouse where the camera is
located are turned on.”

Be Nice, Now

Software engineer is setting up laptops for
a mobile health clinic and has to demonstrate
them to the doctors who will use them. “I mentioned
that the password can be changed,” fish says.
“During the presentation, one of the doctors
interrupted to ask, ‘Do we have to enter the password
every time?’ I sighed and replied of course.
Then the doctor went on: ‘Perhaps we could
write it down and affix it to the computer.’ I knew
what he meant, but I bit my tongue and said, ‘As
long as you remove it before you actually do
the clinics - otherwise that would compromise
our data security.’ ”


NO COMPROMISES HERE: If you send your true
tale of IT life to sharky@computerworld.com, you’ll
get a stylish Shark shirt if I use it. And check out Sharky’s
blog, browse the Sharkives and sign up for Shark Tank
home delivery at computerworld.com/sharky.


Join  the  feeding  frenzy  at  Shark  Bait,  where 
you  and  your  peers  can  rant  about  all 
things  IT:  sharkbait.computerworld.com. 

